Command Reference Guide

ManualsBrandsHP ManualsMoonshot SystemsHP Moonshot-45G Switch Module

331

332

333

334

335

336

337

338

339

340

Port-Based Network Access Control Commands

CLI Command Reference

September 2014 Page 339

HP Moonshot Switch Module CLI Command Reference

dot1x system-auth-control monitor

Use this command to enable the 802.1X monitor mode on the switch. The purpose of Monitor mode is to help

troubleshoot port-based authentication configuration issues without disrupting network access for hosts

connected to the switch. In Monitor mode, a host is granted network access to an 802.1X-enabled port even if

it fails the authentication process. The results of the process are logged for diagnostic purposes.

no dot1x system-auth-control monitor

This command disables the 802.1X Monitor mode on the switch.

dot1x timeout

This command sets the value, in seconds, of the timer used by the authenticator state machine on an interface

or range of interfaces. Depending on the token used and the value (in seconds) passed, various timeout

configurable parameters are set. The following tokens are supported:

Default disabled

Format

dot1x system-auth-control monitor

Mode Global Config

Format

no dot1x system-auth-control monitor

Mode Global Config

Tokens Definition

guest-vlan-period The time, in seconds, for which the authenticator waits to see if any EAPOL packets are

received on a port before authorizing the port and placing the port in the guest vlan (if

configured). The guest vlan timer is only relevant when guest vlan has been configured on

that specific port.

reauth-period The value, in seconds, of the timer used by the authenticator state machine on this port to

determine when re-authentication of the supplicant takes place. The reauth-period must

be a value in the range 1 - 65535.

quiet-period The value, in seconds, of the timer used by the authenticator state machine on this port to

define periods of time in which it will not attempt to acquire a supplicant. The quiet-period

must be a value in the range 0 - 65535.

tx-period The value, in seconds, of the timer used by the authenticator state machine on this port to

determine when to send an EAPOL EAP Request/Identity frame to the supplicant. The

quiet-period must be a value in the range 1 - 65535.

supp-timeout The value, in seconds, of the timer used by the authenticator state machine on this port to

timeout the supplicant. The supp-timeout must be a value in the range 1 - 65535.

server-timeout The value, in seconds, of the timer used by the authenticator state machine on this port to

timeout the authentication server. The supp-timeout must be a value in the range 1 -

65535.