HP (Hewlett-Packard) 2500 Switch User Manual


 
56
Enhancements in Release F.05.05 through F.05.70
Enhancements in Release F.05.05 through F.05.60
Note on Blocking a Non-802.1X Device
If the port’s 802.1X authenticator control mode is configured to authorized (as shown below, instead
of auto), then the first source MAC address from any device, whether 802.1X-aware or not, becomes
the only authorized device on the port.
aaa port-access authenticator < port-list > control authorized
With 802.1X authentication disabled on a port or set to authorized (Force Authorize), the port may
learn a MAC address that you don’t want authorized. If this occurs, you can block access by the
unauthorized, non-802.1X device by using one of the following options:
If 802.1X authentication is disabled on the port, use these command syntaxes to enable it
and allow only an 802.1X-aware device:
If 802.1X authentication is enabled on the port, but set to authorized (Force Authorized), use this
command syntax to allow only an 802.1X-aware
device:
aaa port-access authenticator e < port-list >
Enables 802.1X authentication on the port.
aaa port-access authenticator e < port-list > control auto
Forces the port to accept only a device that supports 802.1X
and supplies valid credentials.
aaa port-access authenticator e < port-list > control auto
Forces the port to accept only a device that supports 802.1X
and supplies valid credentials.