Configuring Port-Based and Client-Based Access Control (802.1X)
Option For Authenticator Ports: Configure Port-Security To Allow Only 802.1X-Authenticated Devices
and there are multiple clients authenticated on the port, if one client loses
access and attempts to re-authenticate, that client will be handled as a
new client on the port.
■ On a 5300xl switch running software release E.09.xx or greater, the first
client to authenticate on a port configured to support multiple clients will
determine the port’s VLAN membership for any subsequent clients that
authenticate while an active session is already in effect.
Option For Authenticator Ports:
Configure Port-Security To Allow Only
802.1X-Authenticated Devices
If 802.1X authentication is disabled on a port or set to authorized (Force
Authorize), the port can allow access to a non-authenticated client. Port-
Security operates with 802.1X authentication only if the selected ports are
configured as 802.1X with the control mode in the port-access authenticator
command set to auto (the default setting). For example, if port A10 was at a
non-default 802.1X setting and you wanted to configure it to support the port-
security option, you would use the following aaa port-access command:
Control mode
required for Port-
Security Support
Figure 10-3. Port-Access Support for Port-Security Operation
Port-Security on 5300xl Switches Running Software
Release E.09.xx or Greater
Not e If 802.1X port-access is configured on a given port, then port-security learn-
mode for that port must be set to either continuous (the default) or port-access.
10-36
To Next Page
Loading...
