5-15
Configuring Port-Based Access Control (802.1x)
Configuring Switch Ports as 802.1x Authenticators
5. Optional: For Authenticator Ports, Configure Port-
Security To Allow Only 802.1x Devices
If you are using port-security on authenticator ports, you can configure it to
learn only the MAC address of the first 802.1x-aware device detected on the
port. Then, only traffic from this specific device is allowed on the port. When
this device logs off, another 802.1x-aware device can be authenticated on the
port.
Note Port-Security operates with 802.1x authentication as described above only if
the affected ports are configured as 802.1x; that is with the control mode in the
port-access authenticator command set to auto. For example, to configure port
A10 for 802.1x authenticator operation and display the result:
HPswitch(config)# aaa port-access authenticator e A10
control auto
HPswitch(config)# show port-access authenticator e A10
config
Syntax: port-security [ethernet] < port-list >
learn-mode port-access
Configures port-security on the specified port(s)
to allow only the first 802.1x-aware device that
the port detects.
action < none | send-alarm | send-disable >
Configures the port’s response (in addition to
blocking unauthorized traffic) to detecting an
intruder.
!FishSecurity.book Page 15 Thursday, October 10, 2002 9:19 PM
To Next Page
Loading...
