Access Security Guide K/KA/KB.15.15

HP Switch(config)# aaa port-access authenticator e a10-a20 auth-vid 81
Configures ports A10 - A20 to use VLAN 81 as the Authorized-Client VLAN.
HP Switch(config)# aaa port-access authenticator active
Activates 802.1X port-access on ports you have configured as authenticators.
Inspecting 802.1X Open VLAN Mode Operation.
For information and an example on viewing current Open VLAN mode operation, see “Viewing
802.1X Open VLAN Mode Status” (page 471).
Option For Authenticator Ports: Configure Port-Security To Allow Only 802.1X-Authenticated Devices
If 802.1X authentication is disabled on a port or set to authorized (Force Authorize), the port can
allow access to a non-authenticated client. Port-Security operates with 802.1X authentication only
if the selected ports are configured as 802.1X with the control mode in the port-access authenticator
command set to auto (the default setting). For example, if port A10 was at a non-default 802.1X
setting and you wanted to configure it to support the port-security option, you would use the following
aaa port-access command:
Figure 334 Port-Access Support for Port-Security Operation
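The dependency described above can be checked offline against a saved configuration. The following is an added example, not code from the guide: it flags ports that rely on port-security's port-access learn mode while 802.1X is absent, not in auto control mode, or not activated. The configuration excerpt is constructed, and the `port-security <ports> learn-mode port-access` and `control <mode>` line formats are assumptions about how the settings appear in a saved configuration.

```python
import re

# Constructed running-config excerpt (not taken from the guide).
# Assumed line formats: "aaa port-access authenticator <ports> [control <mode>]"
# and "port-security <ports> learn-mode port-access".
SAMPLE_CONFIG = """\
aaa port-access authenticator A10-A12
aaa port-access authenticator A11 control authorized
aaa port-access authenticator active
port-security A10-A13 learn-mode port-access
"""

def expand_ports(spec):
    """Expand 'A10-A12,B3' into ['A10', 'A11', 'A12', 'B3']."""
    ports = []
    for part in spec.upper().split(","):
        m = re.fullmatch(r"([A-Z]*)(\d+)(?:-([A-Z]*)(\d+))?", part.strip())
        if not m:
            raise ValueError(f"unrecognized port spec: {part!r}")
        prefix, first, _, last = m.groups()
        for n in range(int(first), int(last or first) + 1):
            ports.append(f"{prefix}{n}")
    return ports

def audit(config):
    """Return {port: reason} for port-security ports without effective 802.1X."""
    active, control, secured = False, {}, []
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["aaa", "port-access", "authenticator"]:
            # Drop the optional "e"/"ethernet" keyword before the port list.
            args = [t for t in tok[3:] if t.lower() not in ("e", "ethernet")]
            if args == ["active"]:
                active = True
            elif args:
                mode = args[2].lower() if args[1:2] == ["control"] and len(args) > 2 else None
                for p in expand_ports(args[0]):
                    control[p] = mode or control.get(p, "auto")  # auto is the default
        elif tok[:1] == ["port-security"] and tok[2:4] == ["learn-mode", "port-access"]:
            secured += expand_ports(tok[1])
    findings = {}
    for p in secured:
        if p not in control:
            findings[p] = "802.1X authenticator not configured on port"
        elif control[p] != "auto":
            findings[p] = f"control mode is {control[p]}, must be auto"
        elif not active:
            findings[p] = "802.1X authenticator not activated globally"
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports A11 (forced to authorized) and A13 (no authenticator configured); A10 and A12 pass.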
Table 52 Field table
Field: Description
Port-access authenticator activated: Whether 802.1X authentication is enabled or disabled on specified port(s).
Port: Port number on switch.
Re-auth Period: Period of time (in seconds) after which clients connected to the port need to be reauthenticated.
Access Control: Port’s authentication mode:
    Auto: Network access is allowed to any connected device that supports 802.1X authentication and provides valid 802.1X credentials.
    Authorized: Network access is allowed to any device connected to the port, regardless of whether it meets 802.1X criteria.
    Unauthorized: Network access is blocked to any device connected to the port, regardless of whether the device meets 802.1X criteria.
Max reqs: Number of authentication attempts that must time-out before authentication fails and the authentication session ends.
Quiet Period: Period of time (in seconds) during which the port does not try to acquire a supplicant.
TX Timeout: Period of time (in seconds) that the port waits to retransmit the next EAPOL PDU during an authentication session.
Supplicant Timeout: Period of time (in seconds) that the switch waits for a supplicant response to an EAP request.
468 Port-Based and User-Based Access Control (802.1X)