Filter
Top Products
Security
Configuring 802.1X
269 Cisco Small Business 200 Series Smart Switch Administration Guide
17
Defining Host and Session Authentication
The Host and Session Authentication page enables defining the mode in which
802.1X operates on the port and the action to perform if a violation has been
detected.
The 802.1X modes are:
• Single—Only a single authorized host can access the port. (Port Security
cannot be enabled on a port in single-host mode.)
• Multiple Host (802.1X)—Multiple hosts can be attached to a single 802.1X-
enabled port. Only the first host must be authorized, and then the port is
open for all who want to access the network. If the host authentication fails,
or an EAPOL-logoff message is received, all attached clients are denied
access to the network.
• Multiple Sessions—Enables the number of specific authorized hosts to
access the port. Each host is treated as if it were the first and only user and
must be authenticated. Filtering is based on the source MAC address.
To define 802.1X advanced settings for ports:
STEP 1 Click Security > 802.1X > Host and Session Authentication.
802.1X authentication parameters are described for all ports. All fields except the
following are described in the Edit Host and Session Authentication page.
• Status—Displays the host status. An asterisk indicates that the port is either
not linked or is down. The options are:
- Unauthorized—Either the port control is Force Unauthorized and the
port link is down, or the port control is Auto but a client has not been
authenticated via the port.
- Force-Authorized—Clients have full port access.
- Single-host Lock—Port control is Auto and only a single client has been
authenticated by using the port.
- No Single Host—Port control is Auto and Multiple Hosts mode is enabled.
At least one client has been authenticated.
- Not in Auto Mode—Auto port control is not enabled.
• Number of Violations—Displays the number of packets that arrive on the
interface in single-host mode, from a host whose MAC address is not the
supplicant MAC address.