Configuring Port-Based Access Control (802.1x)

Displaying 802.1x Configuration, Statistics, and Counters

 

25 as an authorized VLAN, then the port’s membership in VLAN 1 will be

 

temporarily suspended whenever an authenticated 802.1x client is attached

 

to the port.

Table 6-1. Open VLAN Mode Status

 

 

Status Indicator

Meaning

 

 

Port

Lists the ports configured as 802.1x port-access authenticators.

 

 

Status

Closed: Either no client is connected or the connected client has not received authorization through

 

802.1x authentication.

Open: An authorized 802.1x supplicant is connected to the port.

Access Control

This state is controlled by the following port-access command syntax:

HPswitch(config)# aaa port-access authenticator < port-list> control < authorized auto unauthorized >

 

Auto: Configures the port to allow network access to any connected device that supports 802.1x

 

authentication and provides valid 802.1x credentials. (This is the default authenticator setting.)

 

FA: Configures the port for "Force Authorized", which allows access to any device connected to

 

the port, regardless of whether it meets 802.1x criteria. (You can still configure console, Telnet, or

 

SSH security on the port.)

 

FU: Configures the port for "Force Unauthorized", which blocks access to any device connected to

 

the port, regardless of whether the device meets 802.1x criteria.

 

 

Authenticator State

Connecting: A client is connected to the port, but has not received 802.1x authentication.

 

Force Unauth: Indicates the "Force Unauthorized" state. Blocks access to the network, regardless

 

of whether the client supports 802.1x authentication or provides 802.1x credentials.

 

Force Auth: Indicates the "Force Authorized" state. Grants access to any device connected to the

 

port. The device does not have to support 802.1x authentication or provide 802.1x credentials.

 

Authorized: The device connected to the port supports 802.1x authentication, has provided 802.1x

 

credentials, and has received access to the network. This is the default state for access control.

 

Disconnected: No client is connected to the port.

 

 

Authenticator

Idle: The switch is not currently interacting with the RADIUS authentication server. Other states

Backend State

(Request, Response, Success, Fail, Timeout, and Initialize) may appear temporarily to indicate

 

interaction with a RADIUS server. However, these interactions occur quickly and are replaced by

 

Idle when completed.

 

< vlan-id>: Lists the VID of the static VLAN configured as the unauthorized VLAN for the indicated

Unauthorized VLAN

ID

port.

 

0: No unauthorized VLAN has been configured for the indicated port.

 

 

Authorized VLAN ID

< vlan-id >: Lists the VID of the static VLAN configured as the authorized VLAN for the indicated port.

0: No authorized VLAN has been configured for the indicated port.

 

 

Current VLAN ID

< vlan-id >: Lists the VID of the static, untagged VLAN to which the port currently belongs.

 

No PVID: The port is not an untagged member of any VLAN.

 

 

6-40