Enabling 802.1X authentication on selected ports

This task configures the individual ports you want to operate as 802.1X authenticators for point-to-point links to 802.1X-aware clients or switches, and consists of two steps:

  1. Enabling the selected ports as authenticators.
  2. Specifying either user-based or port-based 802.1X authentication.

(Actual 802.1X operation does not commence until you perform step 5 to activate 802.1X authentication on the switch.)


If you enable 802.1X authentication on a port, the switch automatically disables LACP on that port. However, if the port is already operating in an LACP trunk, you must remove the port from the trunk before you can configure it for 802.1X authentication.

  • Enable the Selected Ports as Authenticators and Enable the (Default) Port-Based Authentication
    [no] aaa port-access authenticator <port-list>
  • Enables specified ports to operate as 802.1X authenticators and enables port-based authentication. (To enable user-based authentication, execute this command first, and then execute the client-limit <port-list> version of this command described in the next section.) The no form of the command removes 802.1X authentication from <port-list>. To activate configured 802.1X operation, you must enable 802.1X authentication. See Enable 802.1X Authentication on the Switch.