13-20
Configuring Port-Based and User-Based Access Control (802.1X)
Configuring Switch Ports as 802.1X Authenticators
Port-Based 802.1X Authentication.  
Example: Configuring User-Based 802.1X Authentication
This example enables ports A10-A12 to operate as authenticators, and then 
configures the ports for user-based authentication.
Figure 13-4. Example of Configuring User-Based 802.1X Authentication
Example: Configuring Port-Based 802.1X Authentication
This example enables ports A13-A15 to operate as authenticators, and then 
configures the ports for port-based authentication.
Figure 13-5. Example of Configuring Port-Based 802.1X Authentication
no aaa port-access authenticator <port-list> client-limit
Used to convert a port from user-based authentication to 
port-based authentication, which is the default setting for 
ports on which authentication is enabled. (Executing aaa 
port-access authenticator < port-list > enables 802.1X authenti-
cation on < port-list > and enables port-based authentica-
tion—page 13-18.)   If a port currently has no authenticated 
client sessions, the next authenticated client session the port 
accepts determines the untagged VLAN membership to 
which the port is assigned during the session. If another 
authenticated client session begins later on the same port 
while an earlier session is active, the later session replaces 
the currently active session and will be on the untagged 
VLAN membership specified by the RADIUS server for the 
later session.
HP Switch(config)# aaa port-access authenticator a10-A12
HP Switch(config)# aaa port-access authenticator a10-A12 client-limit 4
HP Switch(config)# aaa port-access authenticator a13-a15
HP Switch(config)# no aaa port-access authenticator a13-a15 client-limit