46-7
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL_28731-01
Chapter 46 Configuring 802.1X Port-Based Authentication
About 802.1X Port-Based Authentication
Figure 46-3 Authentication Flowchart
802.1X Host Mode
The 802.1X port’s host mode determines whether more than one client can be authenticated on the port
and how authentication is enforced. You can configure an 802.1X port to use any of the five host modes
described in the following sections. In addition, each mode can be modified to allow preauthentication
open access:
• Single-Host Mode, page 46-8
• Multiple-Hosts Mode, page 46-8
• Multidomain Authentication Mode, page 46-8
• Multiauthentication Mode, page 46-9
133835
Ye s
No
Client
identity is
invalid
All authentication
servers are down.
Authentication
servers are up.
All authentication
servers are down.
Client
identity is
valid
The switch gets an
EAPOL message,
and the EAPOL
message exchange
begins.
Ye s No
1
1
1
1 = This occurs if the switch does not detect EAPOL packets from the client.
Client MAC
address
identity
is invalid.
Client MAC
address
identity
is valid.
Client IEEE
802.1x capable?
Start IEEE 802.1x port-based
authentication
Assign port to
critically authorized
VLAN
IEEE 802.1x authentication
process times out
Is MAC authentication
bypass enabled?
Assign port to
guest VLAN
Start
Done
Assign port to
VLAN
Done
Done
Assign port to
VLAN
Done
Assign port to
restricted VLAN
Done
Use MAC authentication
bypass
To Next Page
Loading...
Need help?
General
