HP 4100GL User Manual

Configuring Port-Based Access Control (802.1x)
Option For Authenticator Ports: Configure Port-Security To Allow Only 802.1x Devices

N o t e o n

If the port’s 802.1x authenticator

control mode is configured to authorized (as

B l o c k i n g a N o n -

shown below, instead of

auto), then the first source MAC address from any

8 0 2 . 1 x D e v i c e

device, whether 802.1x-aware or not, becomes the only authorized device on
the port.

aaa port-access authenticator < port-list > control authorized

With 802.1x authentication disabled on a port or set to

authorized (Force

Authorize), the port may learn a MAC address that you don’t want authorized.
If this occurs, you can block access by the unauthorized, non-802.1x device
by using one of the following options:

■

If 802.1x authentication is disabled on the port, use these command
syntaxes to enable it and allow only an 802.1x-aware device:

aaa port-access authenticator e < port-list >

Enables 802.1x authentication on the port.

aaa port-access authenticator e < port-list > control auto

Forces the port to accept only a device that supports 802.1x
and supplies valid credentials.

If 802.1x authentication is enabled on the port, but set to authorized (Force
Authorized), use this command syntax to allow only an 802.1x-aware
device:

aaa port-access authenticator e < port-list > control auto

Forces the port to accept only a device that supports 802.1x
and supplies valid credentials.

6-32