Option for authenticator ports: configure port-security to allow only 802.1X-authenticated devices
If 802.1X authentication is disabled on a port or set to
authorized
(Force Authorize), the port can allow access to an unauthenticated client. Port-Security operates with 802.1X authentication only if the selected ports are configured as 802.1X with the
control
mode in the port-access authenticator command set to auto (the default setting). For example, if port 10 was at a nondefault 802.1X setting and you wanted to configure it to support the port-security option, you would use the following
aaa port-access
command:
Port-access support for port-security operation
switch(config)# aaa port-access authenticator 10 control auto switch(config)# show port-access authenticator 10 config Port Access Authenticator Configuration Port-access authenticator activated [No] : Yes Allow RADIUS-assigned dynamic (GVRP) VLANs [No] : No | Re-auth Access Max Quiet TX Supplicant Server Cntrl Port | Period Control Reqs Period Timeout Timeout Timeout Dir ---- + ------- ------- ---- ------ ------- ---------- ------- ----- 10 | No Auto 2 60 30 30 30 both