Configuring Port Settings for 802.1X
When 802.1X is enabled, you need to configure the parameters for the
authentication process that runs between the client and the switch (i.e.,
authenticator), as well as the client identity lookup process that runs between the
switch and authentication server. These parameters are described in this section.
Command Attributes
• Status – Indicates if authentication is enabled or disabled on the port.
(Default: Disabled)
• Operation Mode – Allows single or multiple hosts (clients) to connect to an
802.1X-authorized port. (Range: Single-Host, Multi-Host, MAC-Based; Default:
Single-Host)
- In Single-Host mode, only one host connected to a port can be authenticated for
network access.
- In Multi-Host mode, only one host connected to a port needs to pass
authentication for all other hosts to be granted network access. Similarly, a port
can become unauthorized for all hosts if one attached host fails re-authentication
or sends an EAPOL logoff message. The number of hosts allowed access to a
port operating in this mode is determined by the Max Count attribute described
below.
- In MAC-Based mode, each host connected to a port needs to pass
authentication. The number of hosts allowed access to a port operating in this
mode is limited only by the available space in the secure address table (i.e., up
to 1024 addresses).
6-20
Configuring 802.1X Global Settings
The 802.1X protocol provides port authentication. The 802.1X protocol must be
enabled globally for the switch system before port settings are active.
Command Attributes
802.1X System Authentication Control
– Sets the global setting for 802.1X.
(Default: Disabled)
Web
– Select Security, 802.1X, Configuration. Enable 802.1X globally for the switch,
and click Apply.
Figure 6-10 802.1X Global Configuration
CLI
– This example enables 802.1X globally for the switch.
Console(config)#dot1x system-auth-control
Console(config)#
2
5
-
27
User Authentication
6