KB.15.15

Specifiying the VLAN for an authorized client

Syntax:

aaa port-access mac-based [e] port-list [ auth-vid vid]

no aaa port-access mac-based [e] port-list [ auth-vid]

Specifies the VLAN to use for an authorized client. The RADIUS server can override

the value (accept response includes avid).

If auth-vid is 0, no VLAN changes occur unless the RADIUS server supplies one.

Use the no form of the command to set the auth-vid to 0.

Default:0

Specifying the time period enforced for implicit logoff

Syntax:

[no]aaa port-access mac-based [e] port-list [ logoff-period]

60-9999999

Specifies the period, in seconds, that the switch enforces for an implicit logoff. This

parameter is equivalent to the MAC age interval in a traditional switch sense. If the

switch does not see activity after a logoff-period interval, the client is returned to its

pre-authentication state.

Default: 300 seconds

Specifying how many authentication attempts can time-out before failure

Syntax:

[no]aaa port-access mac-based [e] port-list [ max-requests1-10]

Specifies the number of authentication attempts that must time-out before

authentication fails.

Default: 2

Specifying how long the switch waits before processing a request from a MAC address that failed

authentication

Syntax:

[no]aaa port-access mac-based [e] port-list [

quiet-period1-65535]

Specifies the time period (in seconds) that the switch waits before processing an

authentication request from a MAC address that failed authentication.

Default: 60 seconds

Specifying time period enforced on a client to re-authenticate

Syntax:

[no]aaa port-access mac-based [e] port-list [

reauth-period0-9999999]

Specifies the time period (in seconds) that the switch enforces on a client to

re-authenticate. The client remains authenticated while the re-authentication occurs.

When set to 0, re-authentication is disabled.

Default: 300 seconds

76 Web-based and MAC authentication