HP 2800 User Manual

Configuring Port-Based Access Control (802.1X)

Option For Authenticator Ports: Configure Port-Security To Allow Only 802.1X Devices

N o t e o n

If the port’s 802.1X authenticator

control mode is configured to authorized (as

B l o c k i n g a N o n -

shown below, instead of

auto), then the first source MAC address from any

8 0 2 . 1 X D e v i c e

device, whether 802.1X-aware or not, becomes the only authorized device on
the port.

aaa port-access authenticator < port-list > control authorized

With 802.1X authentication disabled on a port or set to

authorized (Force

Authorize), the port may learn a MAC address that you don’t want authorized.
If this occurs, you can block access by the unauthorized, non-802.1X device
by using one of the following options:

■

If 802.1X authentication is disabled on the port, use these command
syntaxes to enable it and allow only an 802.1X-aware device:

aaa port-access authenticator e < port-list >

Enables 802.1X authentication on the port.

aaa port-access authenticator e < port-list > control auto

Forces the port to accept only a device that supports 802.1X
and supplies valid credentials.

■

If 802.1X authentication is enabled on the port, but set to authorized
(Force Authorized), use this command syntax to allow only an 802.1X-
aware
device:

aaa port-access authenticator e < port-list > control auto

Forces the port to accept only a device that supports 802.1X
and supplies valid credentials.

8-33