802.1X Port Authentication
25-29
25
dot1x operation-mode
This command allows single or multiple hosts (clients) to connect to an
802.1X-authorized port. Use the no form with no keywords to restore the default to
single host. Use the no form with the multi-host max-count keywords to restore the
default maximum count.
Syntax
dot1x operation-mode {single-host | multi-host [max-count count] |
mac-based-auth}
no dot1x operation-mode [multi-host max-count]
• single-host – Allows only a single host to connect to this port.
• multi-host – Allows multiple hosts to connect to this port, with only one host
needing to be authenticated.
• max-count – Keyword for the maximum number of hosts.
count – The maximum number of hosts that can connect to a port.
(Range: 1-1024; Default: 5)
• mac-based-auth – Allows multiple hosts to connect to this port, with each
host needing to be authenticated.
Default
Single-host
Command Mode
Interface Configuration
Command Usage
• The “max-count” parameter specified by this command is only effective if the
dot1x mode is set to “auto” by the dot1x port-control command (page 4-105).
• In “multi-host” mode, only one host connected to a port needs to pass
authentication for all other hosts to be granted network access. Similarly, a
port can become unauthorized for all hosts if one attached host fails
re-authentication or sends an EAPOL logoff message.
• In “mac-based-auth” mode, each host connected to a port needs to pass
authentication. The number of hosts allowed access to a port operating in this
mode is limited only by the available space in the secure address table (i.e.,
up to 1024 addresses).
Example
Console(config)#interface eth 1/2
Console(config-if)#dot1x operation-mode multi-host max-count 10
Console(config-if)#
To Next Page
Loading...
