Configuring Port-Based and User-Based Access Control (802.1X)

Option For Authenticator Ports: Configure Port-Security To Allow Only 802.1X-Authenticated Devices

The first client to authenticate on a port configured to support multiple clients will determine the port’s VLAN membership for any subsequent clients that authenticate while an active session is already in effect.

Option For Authenticator Ports:Configure Port-Security

To Allow Only 802.1X-Authenticated

Devices

If 802.1X authentication is disabled on a port or set to authorized (Force Authorize), the port can allow access to a non-authenticated client. Port- Security operates with 802.1X authentication only if the selected ports are configured as 802.1X with the control mode in the port-access authenticator command set to auto (the default setting). For example, if port A10 was at a non-default 802.1X setting and you wanted to configure it to support the port- security option, you would use the following aaa port-accesscommand:

Control mode required for Port- Security Support

Figure 10-8. Port-Access Support for Port-Security Operation

10-45