Chapter 7
| Authentication Commands
802.1X Port Authentication
– 245 –
mac-based – Allows multiple hosts to connect to this port, with each host
needing to be authenticated.
Default
Single-host
Command Mode
Interface Configuration
Command Usage
◆ The “max-count” parameter specified by this command is only effective if the
dot1x mode is set to “auto” by the dot1x port-control command.
◆ In “multi-host” mode, only one host connected to a port needs to pass
authentication for all other hosts to be granted network access. Similarly, a port
can become unauthorized for all hosts if one attached host fails re-
authentication or sends an EAPOL logoff message.
◆ In “mac-based-auth” mode, each host connected to a port needs to pass
authentication. The number of hosts allowed access to a port operating in this
mode is limited only by the available space in the secure address table (i.e., up
to 1024 addresses).
Example
Console(config)#interface eth 1/2
Console(config-if)#dot1x operation-mode multi-host max-count 10
Console(config-if)#
dot1x port-control This command sets the dot1x mode on a port interface. Use the no form to restore
the default.
Syntax
dot1x port-control {auto | force-authorized | force-unauthorized}
no dot1x port-control
auto – Requires a dot1x-aware connected client to be authorized by the
RADIUS server. Clients that are not dot1x-aware will be denied access.
force-authorized – Configures the port to grant access to all clients, either
dot1x-aware or otherwise.
force-unauthorized – Configures the port to deny access to all clients,
either dot1x-aware or otherwise.
Default
force-authorized
To Next Page
Loading...
