ProCurve Series 2300 and 2500 Switches Release Notes
46
Enhancements in Release F.05.xx
Configuring Port-Based Access Control (802.1x)
Note on Blocking a Non-802.1x Device
If the port’s 802.1x authenticator control mode is configured to authorized (as shown below, instead
of auto), then the first source MAC address from any device, whether 802.1x-aware or not, becomes
the only authorized device on the port.
aaa port-access authenticator < port-list > control authorized
With 802.1x authentication disabled on a port or set to authorized (Force Authorize), the port may
learn a MAC address that you don’t want authorized. If this occurs, you can block access by the
unauthorized, non-802.1x device by using one of the following options:
■ If 802.1x authentication is disabled on the port, use these command syntaxes to enable it and
allow only an 802.1x-aware device:
If 802.1x authentication is enabled on the port, but set to authorized (Force Authorized), use this
command syntax to allow only an 802.1x-aware
device:
aaa port-access authenticator e < port-list >
Enables 802.1x authentication on the port.
aaa port-access authenticator e < port-list > control auto
Forces the port to accept only a device that supports 802.1x
and supplies valid credentials.
aaa port-access authenticator e < port-list > control auto
Forces the port to accept only a device that supports 802.1x
and supplies valid credentials.