13-50
Configuring Port-Based and User-Based Access Control (802.1X)
Option For Authenticator Ports: Configure Port-Security To Allow Only 802.1X-Authenticated Devices
Port-Security
Note If 802.1X port-access is configured on a given port, then port-security learn-
mode for that port must be set to either continuous (the default) or port-access.
In addition to the above, to use port-security on an authenticator port (chapter 
14), use the per-port client-limit option to control how many MAC addresses 
of 802.1X-authenticated devices the port is allowed to learn. (Using client-limit 
sets 802.1X to user-based operation on the specified ports.) When this limit is 
reached, no further devices can be authenticated until a currently authenti-
cated device disconnects and the current delay period or logoff period has 
expired.
Configure the port access type.  
Syntax: aaa port-access auth < port-list > client-limit < 1 - 32 >
Configures user-based 802.1X authentication on the 
specified ports and sets the number of authenticated 
devices the port is allowed to learn. For more on this 
command, refer to “Configuring Switch Ports as 802.1X 
Authenticators” on page 13-17.)
— Or —
no aaa port-access auth < port-list > client-limit 
Configures port-based 802.1X authentication on the 
specified ports, which opens the port. (Refer to “User 
Authentication Methods” on page 13-2.)