8-16
Configuring Port-Based Access Control (802.1X)
Configuring Switch Ports as 802.1X Authenticators
Syntax: aaa port-access authenticator < port-list >
Enables specified ports to operate as 802.1X authenti-
cators with current per- port authenticator configura-
tion. To activate configured 802.1X operation, you
must enable 802.1X authentication. Refer to “5. Enable
802.1X Authentication on the switch” on page 8-13.
[control < authorized | auto | unauthorized >]
Controls authentication mode on the specified port:
authorized: Also termed Force Authorized. Grants access
to any device connected to the port. In this case, the
device does not have to provide 802.1X credentials or
support 802.1X authentication. (However, you can
still configure console, Telnet, or SSH security on the
port.)
auto (the default): The device connected to the port must
support 802.1X authentication and provide valid
credentials in order to get network access. (You have
the option of using the Open VLAN mode to provide a
path for clients without 802.1X supplicant software to
download this software and begin the authentication
process. Refer to “802.1X Open VLAN Mode” on page
8-21.)
unauthorized: Also termed Force Unauthorized. Do not
grant access to the network, regardless of whether the
device provides the correct credentials and has 802.1X
support. In this state, the port blocks access to any
connected device.
[quiet-period < 0 - 65535 >]
Sets the period during which the port does not try to
acquire a supplicant. The period begins after the last
attempt authorized by the max-requests parameter fails
(next page). (Default: 60 seconds)
[tx-period < 0 - 65535 >]
Sets the period the port waits to retransmit the next
EAPOL PDU during an authentication session.
(Default: 30 seconds)
[supplicant-timeout < 1 - 300 >]