Option For Authenticator Ports: Configure Port-Security To Allow Only 802.1X Devices - HP procurve switch 2600 series Access Security Manual

Note­

Option For Authenticator Ports: Configure Port-Security To Allow Only 802.1x Devices

If an authenticated client loses authentication during a session in
■
802.1x Open VLAN mode, the port VLAN membership reverts back to
the Unauthorized-Client VLAN. If there is no Unauthorized-Client
VLAN configured, then the client loses access to the port until it can
reauthenticate itself.
Option For Authenticator Ports:
Configure Port-Security To Allow Only
802.1x Devices
If you use port-security on authenticator ports, you can configure it to learn
only the MAC address of the first 802.1x-aware device detected on the port.
Then, only traffic from this specific device is allowed on the port. When this
device logs off, another 802.1x-aware device can be authenticated on the port.
Syntax: port-security [ethernet] < port-list >
learn-mode port-access
Configures port-security on the specified port(s) to allow
only the first 802.1x-aware device the port detects.
action < none | send-alarm | send-disable >
Configures the port's response (in addition to blocking
unauthorized traffic) to detecting an intruder.
Port-Security operates with 802.1x authentication as described above only if
the selected ports are configured as 802.1x; that is with the control mode in
the port-access authenticator command set to auto. For example, to configure
port A10 for 802.1x authenticator operation and display the result:
HPswitch(config)# aaa port-access authenticator e A10
control auto
HPswitch(config)# show port-access authenticator e A10
config
Configuring Port-Based Access Control (802.1x)
7-31