Configuring Port-Based and User-Based Access Control (802.1X)

Option For Authenticator Ports: Configure Port-Security To Allow Only 802.1X-Authenticated Devices

 

Port-Security

 

 

Note

If 802.1X port-access is configured on a given port, then port-security learn-mode for that port must be set to either continuous (the default) or port-access.

 

In addition to the above, to use port-security on an authenticator port (chapter 11), use the per-port client-limit option to control how many MAC addresses of 802.1X-authenticated devices the port is allowed to learn. (Using client-limit sets 802.1X to user-based operation on the specified ports.) When this limit is reached, no further devices can be authenticated until a currently authenticated device disconnects and the current delay period or logoff period has expired.

 

Configure the port access type.

 

Syntax: aaa port-access auth < port-list > client-limit < 1 - 32 >

    Configures user-based 802.1X authentication on the specified ports and sets the number of authenticated devices the port is allowed to learn. For more on this command, refer to “Configuring Switch Ports as 802.1X Authenticators” on page 10-18.

— Or —

no aaa port-access auth < port-list > client-limit

    Configures port-based 802.1X authentication on the specified ports, which opens the port. (Refer to “User Authentication Methods” on page 10-4.)
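
An added example, not part of the original manual: a Python check that reads a saved switch configuration and reports, for each 802.1X authenticator port, whether it is in user-based or port-based operation and whether its port-security learn-mode is one the Note permits. The configuration line formats, the numeric-only port lists and the sample text are assumptions constructed for illustration.

```python
import re

# Constructed sample configuration (not from the manual). The line formats are
# assumptions modelled on the commands named on this page.
SAMPLE = """\
aaa port-access authenticator 1-4
aaa port-access authenticator 1-2 client-limit 4
port-security 1 learn-mode port-access
port-security 3 learn-mode static
port-security 9 learn-mode static
"""

ALLOWED = {"continuous", "port-access"}  # learn-modes the Note permits with 802.1X
AUTH = re.compile(r"^aaa port-access auth\w*\s+([\d,-]+)(?:\s+client-limit\s+(\d+))?\s*$")
PSEC = re.compile(r"^port-security\s+([\d,-]+)\s+learn-mode\s+(\S+)")

def expand(port_list):
    """Expand a numeric port list such as '1-3,7' into [1, 2, 3, 7]."""
    ports = []
    for part in port_list.split(","):
        lo, _, hi = part.partition("-")
        ports.extend(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(config):
    """Return {port: (operation, client_limit, learn_mode, learn_mode_ok)}."""
    limit, learn = {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := AUTH.match(line):
            for p in expand(m.group(1)):
                limit.setdefault(p, None)      # authenticator port, no limit seen yet
                if m.group(2):
                    limit[p] = int(m.group(2))
        elif m := PSEC.match(line):
            for p in expand(m.group(1)):
                learn[p] = m.group(2)
    report = {}
    for p, n in sorted(limit.items()):
        mode = learn.get(p, "continuous")      # continuous is the default per the Note
        kind = "user-based" if n else "port-based"
        report[p] = (kind, n, mode, mode in ALLOWED)
    return report

if __name__ == "__main__":
    for port, row in audit(SAMPLE).items():
        print(port, *row)
```

Ports that are not 802.1X authenticators (port 9 in the sample) are left out of the report, since the learn-mode restriction applies only where port-access is configured.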
