HP procurve switch 2600 series Access Security Manual page 168

Configuring Port-Based Access Control (802.1x)
Option For Authenticator Ports: Configure Port-Security To Allow Only 802.1x Devices
N o t e o n
B l o c k i n g a N o n -
80 2 . 1x D e v i c e
7-32
If the port's 802.1x authenticator control mode is configured to authorized (as
shown below, instead of auto), then the first source MAC address from any
device, whether 802.1x-aware or not, becomes the only authorized device on
the port.
aaa port-access authenticator < port-list > control authorized
With 802.1x authentication disabled on a port or set to authorized (Force
Authorize), the port may learn a MAC address that you don't want authorized.
If this occurs, you can block access by the unauthorized, non-802.1x device
by using one of the following options:
If 802.1x authentication is disabled on the port, use these command
■
syntaxes to enable it and allow only an 802.1x-aware device:
aaa port-access authenticator e < port-list >
Enables 802.1x authentication on the port.
aaa port-access authenticator e < port-list > control auto
Forces the port to accept only a device that supports 802.1x
and supplies valid credentials.
If 802.1x authentication is enabled on the port, but set to authorized
■
(Force Authorized), use this command syntax to allow only an 802.1x-
aware
device:
aaa port-access authenticator e < port-list > control auto
Forces the port to accept only a device that supports 802.1x
and supplies valid credentials.