Allow only 802.1x devices – HP 4100GL User Manual

Configuring Port-Based Access Control (802.1x)

Option For Authenticator Ports: Configure Port-Security To Allow Only 802.1x Devices

■

If an authenticated client loses authentication during a session in
802.1x Open VLAN mode, the port VLAN membership reverts back to
the Unauthorized-Client VLAN.

Option For Authenticator Ports:
Configure Port-Security To Allow Only
802.1x Devices

If you are using port-security on authenticator ports, you can configure it to
learn only the MAC address of the first 802.1x-aware device detected on the
port. Then, only traffic from this specific device is allowed on the port. When
this device logs off, another 802.1x-aware device can be authenticated on the
port.

Syntax:

port-security [ethernet] < port-list >

learn-mode port-access

Configures port-security on the specified port(s) to
allow only the first 802.1x-aware device that the port
detects.

action < none | send-alarm | send-disable >

Configures the port’s response (in addition to blocking
unauthorized traffic) to detecting an intruder.

N o t e

Port-Security operates with 802.1x authentication as described above only if
the selected ports are configured as 802.1x; that is with the

control mode in

the port-access authenticator command set to

auto. For example, to configure

port A10 for 802.1x authenticator operation and display the result:

HPswitch(config)# aaa port-access authenticator e A10

control auto

HPswitch(config)# show port-access authenticator e A10

config

6-31