Configuring Port-Based and Client-Based Access Control (802.1X)
Configuring Switch Ports as 802.1X Authenticators
Syntax: aaa port-access authenticator < port-list >
Enables specified ports to operate as 802.1X authenti-
cators with current per- port authenticator configura-
tion. To activate configured 802.1X operation, you
must enable 802.1X authentication. Refer to “5. Enable
802.1X Authentication on the switch” on page
10-14
.
[control < authorized | auto | unauthorized >]
Controls authentication mode on the specified port:
authorized: Also termed “Force Authorized”. Gives
access to a device connected to the port. In this case,
the device does not have to provide 802.1X credentials
or support 802.1X authentication. (You can still
configure console, Telnet, or SSH security on the port.)
auto (the default): The device connected to the port must
support 802.1X authentication and provide valid
credentials to get network access. (Optional: You can
use the Open VLAN mode to provide a path for clients
without 802.1X supplicant software to down-load this
software and begin the authentication process. Refer
to
“802.1X Open VLAN Mode” on page 10-21.)
unauthorized: Also termed “Force Unauthorized”. Do not
grant access to the network, regardless of whether the
device provides the correct credentials and has 802.1X
support. In this state, the port blocks access to any
connected device.
[client-limit]]
--continued--
10-16
To Next Page
Loading...
