If 802.1X authentication is disabled on a port or set to authorized (Force Authorize), the port can allow access to a non-authenticated client. Port-Security operates with 802.1X authentication only if the selected ports are configured as 802.1X with the control mode in the port-access authenticator command set to auto (the default setting). For example, if port 10 was at a non-default 802.1X setting and you wanted to configure it to support the port-security option, you would use the following aaa port-access command:
Port-access support for port-security operation
    HP Switch(config)# aaa port-access authenticator 10 control auto
    HP Switch(config)# show port-access authenticator 10 config

     Port Access Authenticator Configuration

      Port-access authenticator activated [No] : Yes
      Allow RADIUS-assigned dynamic (GVRP) VLANs [No] : No

           | Re-auth Access  Max  Quiet  TX      Supplicant Server  Cntrl
      Port | Period  Control Reqs Period Timeout Timeout    Timeout Dir
      ---- + ------- ------- ---- ------ ------- ---------- ------- -----
      10   | No      Auto    2    60     30      30         30      both
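An added example, not part of the original HP documentation: a Python check that parses a show port-access authenticator config listing of the form shown above and flags any port whose control mode is not auto, since such a port does not meet the port-security precondition. The function name audit and the port 11 row in the sample are assumptions constructed for illustration.

```python
import re

# Constructed sample: the row for port 10 follows the page's listing; the row
# for port 11 is made up here to show a port left in "authorized" control mode.
SAMPLE = """\
 Port Access Authenticator Configuration

  Port-access authenticator activated [No] : Yes
  Allow RADIUS-assigned dynamic (GVRP) VLANs [No] : No

       | Re-auth Access  Max  Quiet  TX      Supplicant Server  Cntrl
  Port | Period  Control Reqs Period Timeout Timeout    Timeout Dir
  ---- + ------- ------- ---- ------ ------- ---------- ------- -----
  10   | No      Auto    2    60     30      30         30      both
  11   | No      Authorized 2 60     30      30         30      both
"""

# A data row is "<port> | <re-auth period> <access control> ...".
ROW = re.compile(r"^\s*(\S+)\s*\|\s*(\S+)\s+(\S+)\s")
ACTIVATED = re.compile(r"authenticator activated\s*\[\w+\]\s*:\s*(\w+)", re.I)


def audit(show_output):
    """Return (activated, {port: control_mode}, [findings]) for one listing."""
    m = ACTIVATED.search(show_output)
    activated = bool(m) and m.group(1).lower() == "yes"
    modes, findings = {}, []
    if not activated:
        findings.append("802.1X authenticator is not activated on the switch")
    for line in show_output.splitlines():
        row = ROW.match(line)
        # Skip the header line that starts with "Port"; separator and banner
        # lines carry no "|" after the first token and never match ROW.
        if not row or row.group(1).lower() == "port":
            continue
        port, control = row.group(1), row.group(3)
        modes[port] = control
        if control.lower() != "auto":
            findings.append(
                f"port {port}: control mode {control!r} is not auto; "
                "port-security will not operate with 802.1X here")
    return activated, modes, findings


if __name__ == "__main__":
    for finding in audit(SAMPLE)[2]:
        print(finding)
```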
NOTE: If 802.1X port-access is configured on a given port, then port-security
In addition to the above, to use port-security on an authenticator port, use the per-port client-limit option to control how many MAC addresses of 802.1X-authenticated devices the port is allowed to learn. (Using client-limit sets 802.1X to user-based operation on the specified ports.) When this limit is reached, no further devices can be authenticated until a currently authenticated device disconnects and the current delay period or logoff period has expired.
Syntax:
Configures user-based 802.1X authentication on the specified ports and sets the number of authenticated devices the port is allowed to learn. For more on this command, see Configuring switch ports as 802.1X authenticators.
–or–
Syntax:
Configures port-based 802.1X authentication on the specified ports, which opens the port. (See User authentication methods.)