Access Security Guide K/KA/KB.15.15

Specifies the MAC address format used in the RADIUS request message. This format
must match the format used to store the MAC addresses in the RADIUS server.
Default: no-delimiter
no-delimiter: specifies an aabbccddeeff format.
single-dash: specifies an aabbcc-ddeeff format.
multi-dash: specifies an aa-bb-cc-dd-ee-ff format.
multi-colon: specifies an aa:bb:cc:dd:ee:ff format.
no-delimiter-uppercase: specifies an AABBCCDDEEFF format.
single-dash-uppercase: specifies an AABBCC-DDEEFF format.
multi-dash-uppercase: specifies an AA-BB-CC-DD-EE-FF format.
multi-colon-uppercase: specifies an AA:BB:CC:DD:EE:FF format.
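The following Python sketch is an added example, not part of the original guide. It renders a MAC address in each of the eight formats listed above and flags RADIUS entries that would not match the format the switch sends. It assumes the RADIUS server stores the MAC address as the user name and compares it exactly; the function names and the sample entries are constructed for illustration.

```python
import re

# Option keywords as listed above: (characters per group, delimiter, uppercase).
MAC_FORMATS = {
    "no-delimiter": (12, "", False),
    "single-dash": (6, "-", False),
    "multi-dash": (2, "-", False),
    "multi-colon": (2, ":", False),
    "no-delimiter-uppercase": (12, "", True),
    "single-dash-uppercase": (6, "-", True),
    "multi-dash-uppercase": (2, "-", True),
    "multi-colon-uppercase": (2, ":", True),
}

def format_mac(mac, fmt="no-delimiter"):
    """Render a MAC written in any common notation in the given switch format."""
    group, delim, upper = MAC_FORMATS[fmt]
    digits = re.sub(r"[-:.\s]", "", mac)          # drop delimiters and whitespace
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    digits = digits.upper() if upper else digits.lower()
    return delim.join(digits[i:i + group] for i in range(0, 12, group))

def audit_radius_users(usernames, fmt):
    """Return (stored, expected) pairs for entries the switch's request would not match.

    expected is None when the stored name is not a MAC address at all.
    """
    mismatches = []
    for name in usernames:
        try:
            expected = format_mac(name, fmt)
        except ValueError:
            mismatches.append((name, None))
            continue
        if name != expected:                      # exact, case-sensitive comparison (assumption)
            mismatches.append((name, expected))
    return mismatches

# Constructed sample of user names as they might be stored on a RADIUS server.
SAMPLE_USERS = ["0012f3a4b5c6", "00-12-F3-A4-B5-C7", "0012f3:a4b5c8", "printer-lab"]

if __name__ == "__main__":
    for stored, expected in audit_radius_users(SAMPLE_USERS, "no-delimiter"):
        print(f"{stored!r} should be {expected!r}")
```

Run the audit against an export of the server's MAC-authentication user names before changing the switch's format, so entries that would stop matching are corrected first.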
Enabling/disabling MAC authentication
Syntax:
[no] aaa port-access mac-based port-list
Enables MAC authentication on specified ports.
Use the no form of the command to disable MAC authentication on specified ports.
Specifying the maximum authenticated MACs allowed on a port
Syntax:
aaa port-access mac-based [e] port-list [addr-limit 1-256]
Specifies the maximum number of authenticated MACs to allow on the port.
Default: 1
NOTE: On switches where MAC authentication and 802.1X operate concurrently,
this limit includes the total number of clients authenticated through both methods.
The limit of 256 clients only applies when there are fewer than 16,384
authentication clients on the entire switch. After the limit of 16,384 clients is
reached, no additional authentication clients are allowed on any port for any
method.
Allowing addresses to move without re-authentication
Syntax:
[no] aaa port-access mac-based [e] port-list [addr-moves]
Allows client moves between the specified ports under MAC authentication control.
When enabled, the switch allows addresses to move without requiring
re-authentication.
When disabled, the switch does not allow moves, and when one occurs the user
is forced to re-authenticate. At least two ports (from ports and to ports) must
be specified.
Use the no form of the command to disable MAC address moves between ports
under MAC authentication control.
Default: Disabled — no moves allowed
Configuring MAC authentication on the switch 75