Access Security Guide K/KA/KB.15.15

[auth-timeout < 1 - 300 >]
Sets the delay period the port waits to receive a challenge from the authenticator. If the request
times out, the port sends another request, up to the number of attempts specified by the max-start
parameter. (Default: 30 seconds).
[max-start < 1 - 10 >]
Defines the maximum number of times the supplicant port requests authentication. See step 1 on
page 13-50 for a description of how the port reacts to the authenticator response. (Default: 3).
[held-period < 0 - 65535 >]
Sets the time period the supplicant port waits after an active 802.1X session fails before trying to
reacquire the authenticator port. (Default: 60 seconds)
[start-period < 1 - 300 >]
Sets the delay between Start packet retransmissions. That is, after a supplicant sends a start packet,
it waits during the start-period for a response. If no response comes during the start-period, the
supplicant sends a new start packet. The max-start setting (above) specifies how many start attempts
are allowed in the session. (Default: 30 seconds)
aaa port-access supplicant [ethernet] <port-list>
[initialize]
On the specified ports, blocks inbound and outbound traffic and restarts the 802.1X authentication
process. Affects only ports configured as 802.1X supplicants.
[clear-statistics]
Clears and restarts the 802.1X supplicant statistics counters.
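The following Python sketch is an added example, not part of the HP guide. It checks supplicant timer commands against the ranges and defaults listed above and derives how long an unanswered supplicant keeps sending Start packets. The function names, the sample lines and the assumption that a command line carries one or more option/value pairs are illustrative.

```python
import re

# Ranges and defaults as listed in the guide: (min, max, default).
PARAMS = {
    "auth-timeout": (1, 300, 30),
    "max-start":    (1, 10, 3),
    "held-period":  (0, 65535, 60),
    "start-period": (1, 300, 30),
}
CMD = re.compile(r"^aaa port-access supplicant (?:ethernet )?(\S+)((?: \S+ \d+)*)$")

def audit(lines):
    """Return (effective settings per port-list, list of problems)."""
    ports, problems = {}, []
    for n, raw in enumerate(lines, 1):
        m = CMD.match(" ".join(raw.split()))
        if not m:
            problems.append(f"line {n}: not a supplicant timer command")
            continue
        port, opts = m.group(1), m.group(2).split()
        # Start from the documented defaults, then apply valid overrides.
        cfg = ports.setdefault(port, {k: v[2] for k, v in PARAMS.items()})
        for name, value in zip(opts[0::2], opts[1::2]):
            if name not in PARAMS:
                problems.append(f"line {n}: unknown option {name}")
                continue
            lo, hi, _ = PARAMS[name]
            if not lo <= int(value) <= hi:
                problems.append(f"line {n}: {name} {value} outside {lo}-{hi}")
                continue
            cfg[name] = int(value)
    return ports, problems

def start_window(cfg):
    """Seconds an unanswered supplicant keeps sending Start packets,
    modelled as one start-period wait after each of max-start attempts."""
    return cfg["max-start"] * cfg["start-period"]

# Constructed sample input, not taken from a real switch.
SAMPLE = [
    "aaa port-access supplicant 6 start-period 10",
    "aaa port-access supplicant 6 max-start 5",
    "aaa port-access supplicant ethernet 6 held-period 120",
    "aaa port-access supplicant 7 auth-timeout 400",
    "aaa port-access supplicant 7 max-start 0",
]
```

With the defaults (max-start 3, start-period 30) the modelled window is 90 seconds. The exact point at which the switch stops retrying is an assumption drawn from the parameter descriptions above.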
Configuring Mixed Port Access Mode
Syntax
[no] aaa port-access <port-list> mixed
Enables or disables guests on ports with authenticated clients.
Default: Disabled; guests do not have access
HP Switch(config)# aaa port-access 6 mixed
General 802.1X Authenticator Operation
This operation provides security on a point-to-point link between a client and the switch, where
both devices are 802.1X-aware. (If you expect desirable clients that do not have the necessary
802.1X supplicant software, you can provide a path for downloading such software by using the
802.1X Open VLAN mode—see “802.1X Open VLAN mode” (page 342).)
Example of the Authentication Process
Suppose that you have configured a port on the switch for 802.1X authentication operation, which
blocks access to the LAN through that port. If you then connect an 802.1X-aware client (supplicant)
to the port and attempt to log on:
1. The switch responds with an identity request.
2. The client responds with a user name that uniquely defines this request for the client.
480 Port-Based and User-Based Access Control (802.1X)