If the host fails authentication for the designated number of times, the authenticator places the
port in authentication failed VLAN (dot1x auth-fail-vlan).
NOTE: You can create the Layer 3 portion of a guest VLAN and authentication fail VLANs
regardless if the VLAN is assigned to an interface or not. After an interface is assigned a
guest VLAN (which has an IP address), routing through the guest VLAN is the same as any
other traffic. However, the interface may join/leave a VLAN dynamically.
Related
Commands
• dot1x auth-fail-vlan
• dot1x reauthentication
• dot1x reauth-max
• show dot1x interface
dot1x host-mode
Enable single-host or multi-host authentication.
C-Series, E-Series, S-Series, S4810
Syntax
dot1x host-mode {single-host | multi-host | multi-auth}
Parameters
single-host Enable single-host authentication.
multi-host Enable multi-host authentication.
multi-auth Enable multi-supplicant authentication.
Defaults single-host
Command Modes INTERFACE
Command History
Version 8.3.12.0 Introduced on the S4810.
Version 8.4.1.0 Added the multi-auth option on the C-Series and S-Series.
Version 8.3.2.0 Added the single-host and multi-host options on the C-
Series, E-Series, and S-Series.
Usage
Information
• Single-host mode authenticates only one host per authenticator port and drops all
other traffic on the port.
• Multi-host mode authenticates the first host to respond to an Identity Request and then
permits all other traffic on the port.
• Multi-supplicant mode authenticates every device attempting to connect to the
network on the authenticator port.
Related
Commands
show dot1x interface
200
To Next Page
Loading...
