HP (Hewlett-Packard) 2650 (J4899A/B) Switch User Manual


 
Configuring Port-Based Access Control (802.1X)
Option For Authenticator Ports: Configure Port-Security To Allow Only 802.1X Devices
Note on Blocking a Non-802.1X Device
If the port’s 802.1X authenticator control mode is configured to authorized (as
shown below, instead of auto), then the first source MAC address from any
device, whether 802.1X-aware or not, becomes the only authorized device on
the port.
aaa port-access authenticator < port-list > control authorized
With 802.1X authentication disabled on a port or set to authorized (Force
Authorize), the port may learn a MAC address that you don’t want authorized.
If this occurs, you can block access by the unauthorized, non-802.1X device
by using one of the following options:
If 802.1X authentication is disabled on the port, use these command
syntaxes to enable it and allow only an 802.1X-aware device:

    aaa port-access authenticator e < port-list >
        Enables 802.1X authentication on the port.

    aaa port-access authenticator e < port-list > control auto
        Forces the port to accept only a device that supports 802.1X
        and supplies valid credentials.

If 802.1X authentication is enabled on the port, but set to authorized
(Force Authorized), use this command syntax to allow only an 802.1X-aware
device:

    aaa port-access authenticator e < port-list > control auto
        Forces the port to accept only a device that supports 802.1X
        and supplies valid credentials.
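
The following is an added example, not part of the HP manual: a Python audit that reads saved configuration text and lists the ports in either situation this note describes (802.1X not enabled, or control mode set to authorized). It assumes the configuration echoes the commands in the syntax shown on this page and that ports are numbered; the function names and the sample configuration are constructed for illustration.

```python
import re

# Matches the command forms shown on this page, with an optional control mode.
LINE = re.compile(
    r"^\s*aaa port-access authenticator\s+(?:e(?:thernet)?\s+)?"
    r"(?P<ports>\d[\d,\-\s]*?)(?:\s+control\s+(?P<mode>\w+))?\s*$"
)

def expand_ports(port_list):
    """Expand '1-4,7' into {1, 2, 3, 4, 7} (assumption: numeric port names)."""
    ports = set()
    for part in filter(None, port_list.replace(" ", "").split(",")):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(config_text, all_ports):
    """Return {port: state}; state is 'disabled', 'enabled' or a control mode."""
    state = {p: "disabled" for p in all_ports}
    for line in config_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # Ignore ports named in the config that are outside the audited set.
        for p in state.keys() & expand_ports(m.group("ports")):
            if m.group("mode"):
                state[p] = m.group("mode")      # explicit control mode wins
            elif state[p] == "disabled":
                state[p] = "enabled"            # enabled, no mode line seen yet
    return state

def needs_attention(state):
    """Ports where a non-802.1X device can be learned: 802.1X off or Force Authorized."""
    return sorted(p for p, s in state.items() if s in ("disabled", "authorized"))

# Constructed sample configuration, not taken from a real switch.
SAMPLE = """\
aaa port-access authenticator 1-4
aaa port-access authenticator 2 control authorized
aaa port-access authenticator e 3 control auto
aaa port-access authenticator 7,9-10 control authorized
"""

if __name__ == "__main__":
    result = audit(SAMPLE, range(1, 11))
    for port in needs_attention(result):
        print(f"port {port}: {result[port]}")
```

Each port it reports is a candidate for the `control auto` command given above.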