Access Security Guide K/KA/KB.15.15

Enable 802.1X Authentication on the Switch
After configuring 802.1X authentication as described in the preceding four sections, activate it
with this command:
Syntax
aaa port-access authenticator active
Activates 802.1X port-access on ports you have configured as authenticators.
Optional: Reset Authenticator Operation
While 802.1X authentication is operating, you can use the following aaa port-access authenticator
commands to reset 802.1X authentication and statistics on specified ports.
Syntax
aaa port-access authenticator <port-list>
[initialize]
On the specified ports, blocks inbound and outbound traffic and restarts the 802.1X
authentication process. This happens only on ports configured with control auto
and actively operating as 802.1X authenticators.
[reauthenticate]
On the specified ports, forces reauthentication (unless the authenticator is in “HELD”
state).
[clear-statistics]
On the specified ports, clears authenticator statistics counters.
Optional: Configure 802.1X Controlled Direction
After you enable 802.1X authentication on specified ports, you can use the aaa port-access
controlled-direction command to configure how a port transmits traffic before it successfully
authenticates a client and enters the authenticated state.
As documented in the IEEE 802.1X standard, an 802.1X-aware port that is unauthenticated can
control traffic in either of the following ways:
• In both ingress and egress directions by disabling both the reception of incoming frames and
  transmission of outgoing frames.
• Only in the ingress direction by disabling only the reception of incoming frames.
Prerequisite
As documented in the IEEE 802.1X standard, the disabling of incoming traffic and transmission
of outgoing traffic on an 802.1X-aware egress port in an unauthenticated state (using the aaa
port-access controlled-direction in command) is supported only if:
• The port is configured as an edge port in the network using the spanning-tree edge-port
  command.
• The 802.1s Multiple Spanning Tree Protocol (MSTP) or 802.1w Rapid Spanning Tree Protocol
  (RSTP) is enabled on the switch. MSTP and RSTP improve resource utilization while maintaining
  a loop-free network.
For information on how to configure the prerequisites for using the aaa port-access
controlled-direction in command, see “Multiple Instance Spanning-Tree Operation” in the Advanced
Traffic Management Guide.
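
The prerequisites above can be checked against a saved configuration before relying on controlled-direction in. The following Python script is an added example, not part of this guide or the switch software. Assumptions: the configuration line layout (port list before the keyword), the reading of a bare spanning-tree line as MSTP or RSTP being enabled, numeric port lists only, the constructed sample configuration, and the function names.

```python
import re

# Constructed sample config. The line layout (port list before the keyword)
# is an assumption for illustration, not output captured from a switch.
SAMPLE_CONFIG = """\
spanning-tree
spanning-tree 1-4 edge-port
aaa port-access authenticator 1-6
aaa port-access authenticator active
aaa port-access 1-6 controlled-direction in
"""

def expand_ports(port_list):
    """Expand a numeric port list such as '1-4,7' into a set of ints."""
    ports = set()
    for part in port_list.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit_controlled_direction(config):
    """Return findings for ports set to 'controlled-direction in' that
    lack the prerequisites listed above."""
    stp_enabled = False  # assumption: a bare 'spanning-tree' line enables MSTP/RSTP
    edge, direction_in = set(), set()
    for line in config.splitlines():
        line = line.strip()
        if line == "spanning-tree":
            stp_enabled = True
        elif m := re.fullmatch(r"spanning-tree ([\d,-]+) edge-port", line):
            edge |= expand_ports(m.group(1))
        elif m := re.fullmatch(
                r"aaa port-access ([\d,-]+) controlled-direction in", line):
            direction_in |= expand_ports(m.group(1))
    findings = []
    if direction_in and not stp_enabled:
        findings.append("spanning tree is not enabled on the switch")
    # Every port using 'in' must also be configured as an edge port.
    for port in sorted(direction_in - edge):
        findings.append(f"port {port}: controlled-direction in without edge-port")
    return findings

if __name__ == "__main__":
    for finding in audit_controlled_direction(SAMPLE_CONFIG):
        print(finding)
```

With the constructed sample, ports 5 and 6 are reported because they use controlled-direction in but are not configured as edge ports.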