Configuring Port-Based and User-Based Access Control (802.1X)

Configuring Switch Ports as 802.1X Authenticators

 

1. Enable 802.1X Authentication on Selected Ports

 

This task configures the individual ports you want to operate as 802.1X

 

authenticators for point-to-point links to 802.1X-aware clients or switches,

 

and consists of two steps:

 

A. Enable the selected ports as authenticators.

 

B. Specify either user-based or port-based 802.1X authentication.

 

(Actual 802.1X operation does not commence until you perform step 5 on page

 

10-25to activate 802.1X authentication on the switch.)

 

 

N o t e

If you enable 802.1X authentication on a port, the switch automatically dis-

 

ables LACP on that port. However, if the port is already operating in an LACP

 

trunk, you must remove the port from the trunk before you can configure it

 

for 802.1X authentication.

 

A. Enable the Selected Ports as Authenticators and Enable

 

 

the (Default) Port-Based Authentication

 

Syntax: [ no ] aaa port-access authenticator < port-list>

 

Enables specified ports to operate as 802.1X authenticators

 

and enables port-based authentication. (To enable user-

 

based authentication, execute this command first, and then

 

execute the client-limit < port-list > version of this command

 

described in the next section.) The no form of the command

 

removes 802.1X authentication from < port-list>. To activate

 

configured 802.1X operation, you must enable 802.1X

 

authentication. Refer to “5. Enable 802.1X Authentication

 

on the switch” on page 10-25.

10-19