Configuring Port-Based and Client-Based Access Control (802.1X)
Option For Authenticator Ports: Configure Port-Security To Allow Only 802.1X-Authenticated Devices
In addition to the above, to use port-security on an authenticator port (chapter
11), use the per-port client-limit option to control how many MAC addresses
of 802.1X-authenticated devices the port is allowed to learn. When this limit
is reached, no further devices can be authenticated until a currently authen
-
ticated device logs off.
Syntax: aaa port-access auth < port-list > client-limit < 1 - 32 >
Sets the number of authenticated devices the port is
allowed to learn. (Default: 1.) For more on this command,
refer to
“Configuring Switch Ports as 802.1X
Authenticators” on page 10-15.)
Syntax: port-security [ethernet] < port-list >
learn-mode port-access
Configures port-security on the specified port(s) to allow
only the number of 802.1X-aware devices specified by the
client-limit option.
Syntax: action < none | send-alarm | send-disable >
Configures the port’s response to detecting an intruder
(in addition to blocking unauthorized traffic).
Port-Security on 3400cl and 6400cl Switches, and on
5300xl Switches Running Software Earlier than E.09.xx
In addition to the information at the top of page 10-36, you must configure
port-security on authenticator ports to learn only the MAC address of the first
802.1X-aware device the port detects. Then, only traffic from this specific
device is allowed on the port. When this device logs off, another 802.1X-aware
device can be authenticated on the port.
Syntax: port-security [ethernet] < port-list >
learn-mode port-access
Configures port-security on the specified port(s) to allow
only the first 802.1X-aware device the port detects.
action < none | send-alarm | send-disable >
Configures the port’s response (in addition to blocking
unauthorized traffic) to detecting an intruder.
For more information on the port-security command, refer
to
chapter 11, “Configuring and Monitoring Port Security”.
10-37
To Next Page
Loading...
Need help?
General