Configuring Port-Based and User-Based Access Control (802.1X)
Option For Authenticator Ports: Configure Port-Security To Allow Only 802.1X-Authenticated Devices
■
Option For Authenticator Ports:
Configure Port-Security
To Allow Only 802.1X-Authenticated
Devices
If 802.1X authentication is disabled on a port or set to authorized (Force
Authorize), the port can allow access to a non-authenticated client. Port-
Security operates with 802.1X authentication only if the selected ports are
configured as 802.1X with the control mode in the port-access authenticator
command set to auto (the default setting). For example, if port A10 was at a
non-default 802.1X setting and you wanted to configure it to support the port-
security option, you would use the following aaa port-access command:
Figure 12-9. Port-Access Support for Port-Security Operation
12-48
The first client to authenticate on a port configured to support multiple
clients will determine the port's VLAN membership for any subsequent
clients that authenticate while an active session is already in effect.
Control mode
required for Port-
Security Support