Configuring Port-Based Access Control (802.1x)

Option For Authenticator Ports: Configure Port-Security To Allow Only 802.1x Devices

Note on Blocking a Non - 802 . 1x Device

If the port’s 802.1x authenticator control mode is configured to authorized (as shown below, instead of auto), then the first source MAC address from any device, whether 802.1x-aware or not, becomes the only authorized device on the port.

aaa port-access authenticator < port-list> control authorized

With 802.1x authentication disabled on a port or set to authorized (Force Authorize), the port may learn a MAC address that you don’t want authorized. If this occurs, you can block access by the unauthorized, non-802.1x device by using one of the following options:

If 802.1x authentication is disabled on the port, use these command syntaxes to enable it and allow only an 802.1x-aware device:

aaa port-access authenticator e < port-list>

Enables 802.1x authentication on the port.

aaa port-access authenticator e < port-list> control auto

Forces the port to accept only a device that supports 802.1x and supplies valid credentials.

If 802.1x authentication is enabled on the port, but set to authorized (Force Authorized), use this command syntax to allow only an 802.1x-aware device:

aaa port-access authenticator e < port-list> control auto

Forces the port to accept only a device that supports 802.1x and supplies valid credentials.

6-32

Page 166
Image 166
HP 4100gl manual Enables 802.1x authentication on the port