Usage: [no] aaa port-access <authenticator ... | supplicant ...
web-based ... | mac-based ...>
Description: Congure 802.1X (Port Based Network Access),
MAC address based network access,
or web authentication based network access
on the device. You can congure authenticator,
supplicant, MAC address based, or web authentication based
network access on the device or device ports by specifying
a corresponding keyword.
See 'aaa port-access authenticator help', 'aaa port-access
supplicant help', 'aaa port-access mac-based help', and
'aaa port-access web-based help' for further details on
authenticator, supplicant, MAC address based, and
web authentication based network access conguration.
Next Available Options:
■ gvrp-vlans -- Enable/disable the use of RADIUS-assigned dynamic (GVRP) VLANs(p. 34)
■ authenticator -- Configure 802(p. 28)
■ supplicant -- Manage 802 ([ethernet] PORT-LIST) (p. 51)
■ mac-based -- Configure MAC address based network authentication on the device or the
device's port(s)(p. 37)
■ web-based -- Configure web authentication based network authentication on the device or the
device's port(s)(p. 55)
■ PORT-LIST -- Manage general port security features on the device port(s). ([ethernet] PORT-LIST)
(p. 43)
PORT-LIST
■ [no] aaa port-access authenticator [ETHERNET] PORT-LIST
Manage 802.1X on the device port(s).
Next Available Options:
■ control < authorized | auto | unauthorized > -- Set the authenticator to Force Authorized, Force
Unauthorized or Auto state (default Auto). (NUMBER) (p. 32)
■ quiet-period < 0 to 65535 > -- Set the period of time the switch does not try to acquire a
supplicant (default 60 sec.). (NUMBER) (p. 47)
■ tx-period < 1 to 65535 > -- Set the period of time the switch waits until retransmission of EAPOL
PDU (default 30 sec.). (NUMBER) (p. 53)
■ supplicant-timeout < 1 to 300 > -- Set the supplicant response timeout on an EAP request
(default 30 sec.). (NUMBER) (p. 52)
■ server-timeout < 1 to 300 > -- Set the authentication server response timeout (default 30sec.).
(NUMBER) (p. 50)
■ max-requests < 1 to 10 > -- Set maximum number of times the switch retransmits authentication
requests (default 2). (NUMBER) (p. 39)
■ reauth-period < 0 to 9999999 > -- Set the re-authentication timeout (in seconds, default 0); set
to '0' to disable re-authentication. (NUMBER) (p. 47)
■ auth-vid -- Configures VLAN where to move port after successful authentication (not configured
by default).(p. 30)
■ unauth-vid -- Configures VLAN where to keep port while there is an unauthenticated client
connected (not configured by default).(p. 53)
■ unauth-period < 0 to 255 > -- Set period of time the switch waits for authentication before
moving the port to the VLAN for unauthenticated clients. (NUMBER) (p. 53)
43© 2009 Hewlett-Packard Development Company, L.P.
aaaCommand Line Interface Reference Guide
