Home » HP Manuals » Repeaters & Transceivers » HP GbE2c » Manual Viewer

HP GbE2c HP GbE2c Ethernet Blade Switch for c-Class BladeSystem Command Refere - Page 110

x Global configuration, force-unauth

UPC - 808736802215

Add to My Manuals
Save this manual to your list of manuals

Page 110 highlights

[802.1x Configuration Menu] global - Global 802.1x configuration menu port - Port 802.1x configuration menu ena - Enable 802.1x access control dis - Disable 802.1x access control cur - Show 802.1x configuration This feature allows you to configure the GbE2c as an IEEE 802.1x Authenticator, to provide port-based network access control. The following table describes the 802.1x Configuration Menu options. Table 103 802.1x Configuration Menu options Command global port ena dis cur Description Displays the global 802.1x Configuration Menu. Displays the 802.1x Port Menu. Globally enables 802.1x. Globally disables 802.1x. Displays current 802.1x parameters. 802.1x Global configuration Command: /cfg/l2/8021x/global [802.1x Global Configuration Menu] mode - Set access control mode qtperiod - Set EAP-Request/Identity quiet time interval txperiod - Set EAP-Request/Identity retransmission timeout suptmout - Set EAP-Request retransmission timeout svrtmout - Set server authentication request timeout maxreq - Set max number of EAP-Request retransmissions raperiod - Set reauthentication time interval reauth - Set reauthentication status to on or off default - Restore default 802.1x configuration cur - Display current 802.1x configuration The global 802.1x menu allows you to configure parameters that affect all ports in the switch. The following table describes the 802.1x Global Configuration Menu options. Table 104 802.1x Global Configuration Menu options Command mode forceunauth|auto|force-auth qtperiod txperiod suptmout svrtmout Description Sets the type of access control for all ports: • force-unauth - the port is unauthorized unconditionally. • auto - the port is unauthorized until it is successfully authorized by the RADIUS server. • force-auth - the port is authorized unconditionally, allowing all traffic. The default value is force-auth. Sets the time, in seconds, the authenticator waits before transmitting an EAPRequest/ Identity frame to the supplicant (client) after an authentication failure in the previous round of authentication. The default value is 60 seconds. Sets the time, in seconds, the authenticator waits for an EAP-Response/Identity frame from the supplicant (client) before retransmitting an EAP-Request/Identity frame. The default value is 30 seconds. Sets the time, in seconds, the authenticator waits for an EAP-Response packet from the supplicant (client) before retransmitting the EAP-Request packet to the authentication server. The default value is 30 seconds. Sets the time, in seconds, the authenticator waits for a response from the Radius server before declaring an authentication timeout. The default value is 30 seconds. The time interval between transmissions of the RADIUS Access-Request packet containing the supplicant's (client's) EAP-Response packet is determined by the current setting of /cfg/sys/radius/timeout (default is 3 seconds). Configuration Menu 110

Section	Page
HP GbE2c Ethernet Blade Switch for c-Class BladeSystem Command Reference Guide	1
Notice	2
Contents	3
Command line interface	9
Introduction	9
Additional references	9
Connecting to the switch	9
Establishing a console connection	9
Setting an IP address	10
Establishing a Telnet connection	10
Establishing an SSH connection	10
Accessing the switch	11
Idle timeout	12
Typographical conventions	13
Menu basics	14
Introduction	14
Main Menu	14
Menu summary	14
Global commands	15
Command line history and editing	16
Command line interface shortcuts	17
Command stacking	17
Command abbreviation	17
Tab completion	17
First-time configuration	18
Introduction	18
Configuring Simple Network Management Protocol support	18
Setting passwords	19
Changing the default administrator password	19
Changing the default user password	20
Changing the default operator password	21
Information Menu	22
Introduction	22
Menu overview	22
System Information Menu	23
SNMPv3 Information Menu	23
SNMPv3 USM User Table information	24
SNMPv3 View Table information	25
SNMPv3 Access Table information	25
SNMPv3 Group Table information	26
SNMPv3 Community Table information	26
SNMPv3 Target Address Table information	27
SNMPv3 Target Parameters Table information	27
SNMPv3 Notify Table information	28
SNMPv3 dump	29
System information	30
Show last 100 syslog messages	31
System user information	31
Layer 2 information	32
FDB information menu	33
Show all FDB information	34
Clearing entries from the forwarding database	34
Link Aggregation Control Protocol information	34
LACP dump	35
802.1x information	36
Spanning Tree information	37
Rapid Spanning Tree and Multiple Spanning Tree information	39
Common Internal Spanning Tree information	41
Trunk group information	42
VLAN information	43
Layer 2 general information	43
Layer 3 information	43
Route information	44
Show all IP Route information	45
ARP information	46
Show all ARP entry information	46
ARP address list information	46
OSPF information	47
OSPF general information	48
OSPF interface information	48
OSPF Database information menu	48
OSPF route codes information	50
Routing Information Protocol information	50
RIP Routes information	50
RIP user configuration	51
IP information	51
IGMP multicast group information	51
IGMP multicast router port information	52
VRRP information	52
QoS information	53
802.1p information	53
ACL information	54
RMON Information Menu	54
RMON history information	55
RMON alarm information	56
RMON event information	56
Link status information	57
Port information	58
Logical Port to GEA Port mapping	59
Uplink Failure Detection information	59
Information dump	60
Statistics Menu	61
Introduction	61
Menu information	61
Port Statistics Menu	62
802.1x statistics	63
Bridging statistics	64
Ethernet statistics	65
Interface statistics	67
Internet Protocol (IP) statistics	68
Link statistics	68
Port RMON statistics	69
Layer 2 statistics	70
FDB statistics	70
LACP statistics	71
Layer 3 statistics	71
GEA Layer 3 statistics menu	72
GEA Layer 3 statistics	72
IP statistics	72
Route statistics	73
ARP statistics	73
DNS statistics	74
ICMP statistics	74
TCP statistics	75
UDP statistics	76
IGMP Multicast Group statistics	77
OSPF statistics menu	77
OSPF global statistics	78
VRRP statistics	80
RIP statistics	81
Management Processor statistics	81
Packet statistics	81
TCP statistics	82
UDP statistics	83
CPU statistics	83
Access Control List (ACL) statistics menu	83
ACL statistics	83
SNMP statistics	84
NTP statistics	86
Uplink Failure Detection statistics	87
Statistics dump	87
Configuration Menu	88
Introduction	88
Menu information	88
Viewing, applying, reverting, and saving changes	89
Viewing pending changes	89
Applying pending changes	89
Reverting changes	89
Saving the configuration	89
Reminders	90
System configuration	90
System host log configuration	91
Secure Shell Server configuration	92
RADIUS server configuration	93
TACACS+ server configuration	94
NTP server configuration	96
System SNMP configuration	96
SNMPv3 configuration	97
User Security Model configuration	98
SNMPv3 View configuration	99
View-based Access Control Model configuration	100
SNMPv3 Group configuration	100
SNMPv3 Community Table configuration	101
SNMPv3 Target Address Table configuration	102
SNMPv3 Target Parameters Table configuration	102
SNMPv3 Notify Table configuration	103
System Access configuration	104
Management Networks configuration	104
User Access Control configuration	105
User ID configuration	105
HTTPS Access configuration	106
Port configuration	106
Temporarily disabling a port	108
Port link configuration	108
Port ACL/QoS configuration	109
Layer 2 configuration	109
802.1x configuration	109
802.1x Global configuration	110
802.1x Port configuration	111
Rapid Spanning Tree Protocol / Multiple Spanning Tree Protocol configuration	112
Common Internal Spanning Tree configuration	113
CIST bridge configuration	114
CIST port configuration	114
Spanning Tree configuration	115
Bridge Spanning Tree configuration	116
Spanning Tree port configuration	117
Forwarding Database configuration	118
Static FDB configuration	118
Trunk configuration	119
IP Trunk Hash configuration	120
Layer 2 IP Trunk Hash configuration	120
Link Aggregation Control Protocol configuration	120
LACP Port configuration	121
VLAN configuration	121
Layer 3 configuration	122
IP interface configuration	123
Default Gateway configuration	124
IP Static Route configuration	124
Address Resolution Protocol configuration	125
IP Forwarding configuration	125
Network Filter configuration	125
Route Map configuration	126
IP Access List configuration	127
Autonomous System Path configuration	127
Routing Information Protocol configuration	128
RIP Interface configuration	129
RIP Route Redistribution configuration	130
Open Shortest Path First configuration	130
OSFP Area Index configuration	131
OSPF Summary Range configuration	132
OSPF Interface configuration	133
OSPF Virtual Link configuration	134
OSPF Host Entry configuration	135
OSPF Route Redistribution configuration	135
OSPF MD5 Key configuration	136
IGMP configuration	136
IGMP snooping configuration	137
IGMP static multicast router configuration	138
IGMP filtering configuration	138
IGMP filter definition	139
IGMP filtering port configuration	139
Domain Name System configuration	140
Bootstrap Protocol Relay configuration	140
Virtual Router Redundancy Protocol configuration	141
VRRP Virtual Router configuration	141
VRRP Virtual Router Priority Tracking configuration	143
VRRP Virtual Router Group configuration	143
VRRP Virtual Router Group Priority Tracking configuration	144
VRRP Interface configuration	145
VRRP Tracking configuration	145
Quality of Service configuration	146
QoS 802.1p configuration	146
Access Control configuration	146
Access Control List configuration	147
ACL Ethernet Filter configuration	148
ACL IP Version 4 Filter configuration	148
ACL TCP/UDP Filter configuration	149
ACL Meter configuration	150
ACL Re-mark configuration	150
ACL Re-mark In-Profile configuration	151
ACL Re-mark In-Profile Update User Priority configuration	151
ACL Re-mark Out-of-Profile configuration	151
ACL Packet Format configuration	152
ACL Group configuration	152
Remote Monitoring configuration	152
RMON history configuration	153
RMON event configuration	154
RMON alarm configuration	154
Port mirroring	155
Port-based port mirroring	156
Uplink Failure Detection configuration	156
Failure Detection Pair configuration	157
Link to Monitor configuration	157
Link to Disable configuration	158
Dump	158
Saving the active switch configuration	158
Restoring the active switch configuration	159
Operations Menu	160
Introduction	160
Menu information	160
Operations-level port options	160
Operations-level port 802.1x options	161
Operations-level VRRP options	161
Boot Options Menu	162
Introduction	162
Menu information	162
Updating the switch software image	162
Downloading new software to the switch	162
Selecting a software image to run	163
Uploading a software image from the switch	164
Selecting a configuration block	164
Resetting the switch	165
Accessing the ISCLI	165
Maintenance Menu	166
Introduction	166
Menu information	166
System maintenance options	167
Forwarding Database options	167
Debugging options	168
ARP cache options	168
IP Route Manipulation options	169
IGMP Multicast Group options	169
IGMP Snooping options	170
IGMP Mrouter options	170
Uuencode flash dump	171
FTP/TFTP system dump put	171
Clearing dump information	171
Panic command	172
Unscheduled system dumps	172

Match case Limit results 1 per page

Configuration Menu 110

[802.1x Configuration Menu]

global

- Global 802.1x configuration menu

port

- Port 802.1x configuration menu

ena

- Enable 802.1x access control

dis

- Disable 802.1x access control

cur

- Show 802.1x configuration

This feature allows you to configure the GbE2c as an IEEE 802.1x Authenticator, to provide port-based network

access control. The following table describes the 802.1x Configuration Menu options.

Table 103

802.1x Configuration Menu options

Command

Description

global

Displays the global 802.1x Configuration Menu.

port <

port number

Displays the 802.1x Port Menu.

ena

Globally enables 802.1x.

dis

Globally disables 802.1x.

cur

Displays current 802.1x parameters.

802.1x Global configuration

Command:

/cfg/l2/8021x/global

[802.1x Global Configuration Menu]

mode

- Set access control mode

qtperiod - Set EAP-Request/Identity quiet time interval

txperiod - Set EAP-Request/Identity retransmission timeout

suptmout - Set EAP-Request retransmission timeout

svrtmout - Set server authentication request timeout

maxreq

- Set max number of EAP-Request retransmissions

raperiod - Set reauthentication time interval

reauth

- Set reauthentication status to on or off

default

- Restore default 802.1x configuration

cur

- Display current 802.1x configuration

The global 802.1x menu allows you to configure parameters that affect all ports in the switch. The following table

describes the 802.1x Global Configuration Menu options.

Table 104

802.1x Global Configuration Menu options

Command

Description

mode force-

unauth|auto|force-auth

Sets the type of access control for all ports:

•

force-unauth

- the port is unauthorized unconditionally.

•

auto

- the port is unauthorized until it is successfully authorized by the

RADIUS server.

•

force-auth

- the port is authorized unconditionally, allowing all traffic.

The default value is

force-auth

qtperiod <

0-65535

Sets the time, in seconds, the authenticator waits before transmitting an EAP-

Request/ Identity frame to the supplicant (client) after an authentication failure

in the previous round of authentication. The default value is 60 seconds.

txperiod <

1-65535

Sets the time, in seconds, the authenticator waits for an EAP-Response/Identity

frame from the supplicant (client) before retransmitting an EAP-Request/Identity

frame. The default value is 30 seconds.

suptmout <

1-65535

Sets the time, in seconds, the authenticator waits for an EAP-Response packet

from the supplicant (client) before retransmitting the EAP-Request packet to the

authentication server. The default value is 30 seconds.

svrtmout <

1-65535

Sets the time, in seconds, the authenticator waits for a response from the Radius

server before declaring an authentication timeout. The default value is 30

seconds.

The time interval between transmissions of the RADIUS Access-Request packet

containing the supplicant’s (client’s) EAP-Response packet is determined by the

current setting of

/cfg/sys/radius/timeout

(default is 3 seconds).