â– secondary < local | none | authorized > -- Specify the backup authentication method
for access control. (p. 48)
â– web-based -- Configure authentication mechanism used to control web-based port access to
the switch (p. 55)
â– primary < chap-radius | peap-mschapv2 > -- Specify the primary authentication method
for access control. (p. 44)
â– secondary < none | authorized > -- Specify the backup authentication method for access
control. (p. 48)
â– aaa authorization -- Configure authorization parameters on the switch (p. 30)
â– commands -- Configure exec (shell) commands authorization. (p. 31)
â– primary_method < radius | none > -- (p. 47)
â– aaa port-access -- Configure 802 (p. 42)
â– authenticator -- Configure 802 (p. 28)
â– active -- Activate/deactivate 802.1X authenticator. (p. 27)
â– PORT-LIST -- Manage 802.1X on the device port(s). ([ethernet] PORT-LIST) (p. 43)
â– auth-vid -- Configures VLAN where to move port after successful authentication (not
configured by default). (p. 30)
â– VLAN-ID -- Configures VLAN where to move port after successful authentication (not
configured by default). (VLAN-ID) (p. 54)
â– clear-statistics -- Clear the authenticator statistics. (p. 31)
â– client-limit -- Set the maximum number of clients to allow on the port. (p. 31)
â– NUMBER-OF-CLIENTS < 1 to 32 > -- Set the maximum number of clients to allow on
the port. (NUMBER) (p. 42)
â– control < authorized | auto | unauthorized > -- Set the authenticator to Force Authorized,
Force Unauthorized or Auto state (default Auto). (NUMBER) (p. 32)
â– initialize -- Reinitialize the authenticator state machine. (p. 35)
â– logoff-period < 1 to 999999999 > -- Set period of time after which a client will be
considered removed from the port for a lack of activity. (NUMBER) (p. 36)
â– max-requests < 1 to 10 > -- Set maximum number of times the switch retransmits
authentication requests (default 2). (NUMBER) (p. 39)
â– quiet-period < 0 to 65535 > -- Set the period of time the switch does not try to acquire
a supplicant (default 60 sec.). (NUMBER) (p. 47)
â– reauthenticate -- Force re-authentication to happen. (p. 47)
â– reauth-period < 0 to 9999999 > -- Set the re-authentication timeout (in seconds, default
0); set to '0' to disable re-authentication. (NUMBER) (p. 47)
â– server-timeout < 1 to 300 > -- Set the authentication server response timeout (default
30sec.). (NUMBER) (p. 50)
â– supplicant-timeout < 1 to 300 > -- Set the supplicant response timeout on an EAP request
(default 30 sec.). (NUMBER) (p. 52)
â– tx-period < 1 to 65535 > -- Set the period of time the switch waits until retransmission
of EAPOL PDU (default 30 sec.). (NUMBER) (p. 53)
â– unauth-period < 0 to 255 > -- Set period of time the switch waits for authentication
before moving the port to the VLAN for unauthenticated clients. (NUMBER) (p. 53)
â– unauth-vid -- Configures VLAN where to keep port while there is an unauthenticated
client connected (not configured by default). (p. 53)
â– VLAN-ID -- Configures VLAN where to keep port while there is an unauthenticated
client connected (not configured by default). (VLAN-ID) (p. 54)
â– gvrp-vlans -- Enable/disable the use of RADIUS-assigned dynamic (GVRP) VLANs (p. 34)
â– mac-based -- Configure MAC address based network authentication on the device or the
device's port(s) (p. 37)
â– addr-format < no-delimiter | single-dash | multi-dash | ... > -- Set the MAC address format
to be used in the RADIUS request message (default no-delimiter). (p. 27)
23© 2009 Hewlett-Packard Development Company, L.P.
aaaCommand Line Interface Reference Guide