Configuring Port-Based Access Control (802.1x)
Configuring Switch Ports as 802.1x Authenticators
Note on Blocking a Non-802.1x Device
If the port’s 802.1x authenticator control mode is configured to authorized (as
shown below, instead of auto), then the first source MAC address from any
device, whether 802.1x-aware or not, becomes the only authorized device on
the port.
aaa port-access authenticator < port-list > control authorized
With 802.1x authentication disabled on a port or set to authorized (Force
Authorize), the port may learn a MAC address that you don’t want authorized.
If this occurs, you can block access by the unauthorized, non-802.1x device
by using one of the following options:
If 802.1x authentication is disabled on the port, use these command
syntaxes to enable it and allow only an 802.1x-aware device:

aaa port-access authenticator e < port-list >
    Enables 802.1x authentication on the port.
aaa port-access authenticator e < port-list > control auto
    Forces the port to accept only a device that supports
    802.1x and supplies valid credentials.

If 802.1x authentication is enabled on the port, but set to authorized (Force
Authorized), use this command syntax to allow only an 802.1x-aware
device:

aaa port-access authenticator e < port-list > control auto
    Forces the port to accept only a device that supports
    802.1x and supplies valid credentials.

6. Enable 802.1x Authentication on the Switch
After configuring 802.1x authentication as described in the preceding four
sections, activate it with the following command:

Syntax: aaa port-access authenticator active
    Activates 802.1x port-access on ports you have configured as
    authenticators.
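The following audit sketch is an added example, not part of the original manual or the switch software. It reads saved configuration lines in the command forms shown above and lists the ports a non-802.1x device could still use (802.1x disabled, set to authorized, or not activated). Numeric port IDs, the sample configuration, and the rule that a port counts as enabled only when the plain command form names it are assumptions.

```python
import re

# Command forms as written on the page; the "e" keyword is optional.
PORTS = r"\d+(?:-\d+)?(?:,\d+(?:-\d+)?)*"
CMD = re.compile(rf"^aaa port-access authenticator(?: e)? ({PORTS})(?: control (\w+))?$")
ACTIVE = "aaa port-access authenticator active"

# Constructed sample configuration (not taken from a real switch).
SAMPLE = """\
aaa port-access authenticator e 1-4
aaa port-access authenticator e 3 control authorized
aaa port-access authenticator e 4 control auto
aaa port-access authenticator active
"""

def expand(port_list):
    """Expand '1-3,7' into {1, 2, 3, 7}. Numeric port IDs are an assumption."""
    ports = set()
    for part in port_list.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(config_text, ports_to_check):
    """Return (active, {port: 'disabled' | 'auto' | 'authorized' | other mode})."""
    enabled, mode, active = set(), {}, False
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise spacing
        if line == ACTIVE:
            active = True
        elif (m := CMD.match(line)):
            ports = expand(m.group(1))
            if m.group(2) is None:
                enabled |= ports  # plain form: enables 802.1x on the port
            else:
                mode.update({p: m.group(2) for p in ports})
    # Assumptions: a port is enabled only by the plain form, and an enabled
    # port with no explicit control mode behaves as auto.
    return active, {p: mode.get(p, "auto") if p in enabled else "disabled"
                    for p in ports_to_check}

def open_ports(config_text, ports_to_check):
    """Ports a non-802.1x device could use: every port if 802.1x is not active."""
    active, state = audit(config_text, ports_to_check)
    return sorted(p for p, s in state.items() if not active or s != "auto")

if __name__ == "__main__":
    print(audit(SAMPLE, range(1, 7)))
    print(open_ports(SAMPLE, range(1, 7)))
```

For the sample, ports 3, 5 and 6 are reported: port 3 is set to authorized and ports 5 and 6 never had 802.1x enabled.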
!FishSecurity.book Page 16 Thursday, October 10, 2002 9:19 PM