Table of Contents
Advertisement
N o t e o n
B l o c k i n g a N o n -
80 2 . 1X D e vice
Option For Authenticator Ports: Configure Port-Security To Allow Only 802.1X Devices
If the port's 802.1X authenticator control mode is configured to authorized (as
shown below, instead of auto), then the first source MAC address from any
device, whether 802.1X-aware or not, becomes the only authorized device on
the port.
aaa port-access authenticator < port-list > control authorized
With 802.1X authentication disabled on a port or set to authorized (Force
Authorize), the port may learn a MAC address that you don't want authorized.
If this occurs, you can block access by the unauthorized, non-802.1X device
by using one of the following options:
If 802.1X authentication is disabled on the port, use these command
syntaxes to enable it and allow only an 802.1X-aware device:
aaa port-access authenticator e < port-list >
Enables 802.1X authentication on the port.
aaa port-access authenticator e < port-list > control auto
Forces the port to accept only a device that supports 802.1X
and supplies valid credentials.
If 802.1X authentication is enabled on the port, but set to authorized
(Force Authorized), use this command syntax to allow only an 802.1X-
aware
device:
aaa port-access authenticator e < port-list > control auto
Forces the port to accept only a device that supports 802.1X
and supplies valid credentials.
Configuring Port-Based Access Control (802.1X)
8-33
Hide quick links:
Advertisement
Table of Contents
