46-15
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
OL-4266-08
Chapter 46 Configuring IEEE 802.1X Port-Based Authentication
Configuring 802.1X Port-Based Authentication
This example shows how to set 5 as the number of times that the router sends an EAP-request/identity
request before restarting the authentication process:
Router(config-if)# dot1x max-req 5
Enabling Multiple Hosts
You can attach multiple hosts to a single 802.1X-enabled port as shown in Figure 46-3 on page 46-5. In
this mode, only one of the attached hosts must be successfully authorized for all hosts to be granted
network access. If the port becomes unauthorized (reauthentication fails or an EAPOL-logoff message
is received), all attached clients are denied access to the network.
To allow multiple hosts (clients) on an 802.1X-authorized port that has the dot1x port-control interface
configuration command set to auto, perform this task:
This example shows how to enable 802.1X on Fast Ethernet interface 5/1 and to allow multiple hosts:
Router(config)# interface fastethernet 5/1
Router(config-if)# dot1x port-control auto
Router(config-if)# dot1x host-mode multi-host
Resetting the 802.1X Configuration to the Default Values
To reset the 802.1X configuration to the default values, perform this task:
Step 3
Router(config-if)# end
Returns to privileged EXEC mode.
Step 4
Router# show dot1x all
Verifies your entries.
1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
Command Purpose
Command Purpose
Step 1
Router(config)# interface
type
1
slot/port
1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
Selects an interface to configure.
Step 2
Router(config-if)# dot1x host-mode multi-host
Allows multiple hosts (clients) on an 802.1X-authorized
port.
Note Make sure that the dot1x port-control interface
configuration command set is set to auto for the
specified interface.
Router(config-if)# dot1x host-mode single-host
Disables multiple hosts on the port.
Step 3
Router(config-if)# end
Returns to privileged EXEC mode.
Step 4
Router# show dot1x interface
type
1
slot/port
Verifies your entries.
Command Purpose
Step 1
Router(config)# interface
type
1
slot/port
Selects an interface to configure.
Step 2
Router(config-if)# dot1x default
Resets the configurable 802.1X parameters to the default
values.