HP Q.11.XX Manual page 237

Procurve 2510 series switches
Table of Contents

Advertisement

N o t e o n
B l o c k i n g a N o n -
80 2 . 1X D e vice
N o t e
Option For Authenticator Ports: Configure Port-Security To Allow Only 802.1X Devices
If the port's 802.1X authenticator control mode is configured to authorized (as
shown below, instead of auto), then the first source MAC address from any
device, whether 802.1X-aware or not, becomes the only authorized device on
the port.
aaa port-access authenticator < port-list > control authorized
With 802.1X authentication disabled on a port or set to authorized (Force
Authorize), the port may learn a MAC address that you don't want authorized.
If this occurs, you can block access by the unauthorized, non-802.1X device
by using one of the following options:
If 802.1X authentication is disabled on the port, use these command
syntaxes to enable it and allow only an 802.1X-aware device:
aaa port-access authenticator e < port-list >
Enables 802.1X authentication on the port.
aaa port-access authenticator e < port-list > control auto
Forces the port to accept only a device that supports 802.1X
and supplies valid credentials.
If 802.1X authentication is enabled on the port, but set to authorized
(Force Authorized), use this command syntax to allow only an 802.1X-
aware device:
aaa port-access authenticator e < port-list > control auto
Forces the port to accept only a device that supports 802.1X
and supplies valid credentials.
If 802.1X port-access is configured on a given port, then port-security learn-
mode for that port must be set to either continuous (the default) or port-access.
In addition to the above, to use port-security on an authenticator port, use the
per-port client-limit option to control how many MAC addresses of 802.1X-
authenticated devices the port is allowed to learn. (Using client-limit sets
802.1X to client-based operation on the specified ports.) When this limit is
reached, no further devices can be authenticated until a currently authenti-
cated device disconnects and the current delay period or logoff period has
expired.
Configuring Port-Based and Client-Based Access Control (802.1X)
8-41

Hide quick links:

Advertisement

Table of Contents
loading

This manual is also suitable for:

U.11.xxProcurve 2510-24Procurve 2510-48

Table of Contents