Option for authenticator ports: configure port-security to allow only 802.1X-authenticated devices

If 802.1X authentication is disabled on a port or set to authorized (Force Authorize), the port can allow access to an unauthenticated client. Port-Security operates with 802.1X authentication only if the selected ports are configured as 802.1X with the control mode in the port-access authenticator command set to auto (the default setting). For example, if port 10 was at a nondefault 802.1X setting and you wanted to configure it to support the port-security option, you would use the following aaa port-access command:

Port-access support for port-security operation

switch(config)# aaa port-access authenticator 10 control auto
switch(config)# show port-access authenticator 10 config

Port Access Authenticator Configuration

Port-access authenticator activated [No] : Yes
Allow RADIUS-assigned dynamic (GVRP) VLANs [No] : No

     | Re-auth Access  Max  Quiet  TX      Supplicant Server  Cntrl
Port | Period  Control Reqs Period Timeout Timeout    Timeout Dir
---- + ------- ------- ---- ------ ------- ---------- ------- -----
10   | No      Auto    2    60     30      30         30      both