Filter
Top Products
802.1X | 125
Multi-Supplicant Authentication
Multi-Supplicant Authentication is available on platforms: c s
The 802.1X Multi-supplicant Authentication enables multiple devices on a single authenticator port to
access the network by authenticating each device. In addition, Multi-supplicant Authentication uses
dynamic MAC-based VLAN assignment to place devices on different VLANs. This feature is different
from Multi-host Authentication in which multiple devices connected to a single authenticator port can
access the network after only the one device is authenticated, and all hosts are placed in the same VLAN as
the authenticated device.
Multi-supplicant authentication is needed, for example, in the case of a workstation at which a VOIP phone
and PC are connected to a single authenticator port. Multi-host authentication could authenticate the first
device to respond, and then both devices could access the network. However, if you wanted to place them
in different VLANs—a VOIP VLAN and a data VLAN— you would need to authenticate the devices
separately so that the RADIUS server can send each device’s VLAN assignment during that devices
authentication process.
Task Command Syntax Command Mode
Configure Single-host Authentication mode on a port.
dot1x host-mode single-host
INTERFACE
FTOS(conf-if-gi-2/1)#dot1x port-control force-authorized
FTOS(conf-if-gi-2/1)#do show dot1x interface gigabitethernet 2/1
802.1x information on Gi 2/1:
-----------------------------
Dot1x Status: Enable
Port Control: FORCE_AUTHORIZED
Port Auth Status: UNAUTHORIZED
Re-Authentication: Disable
Untagged VLAN id: None
Guest VLAN: Enable
Guest VLAN id: 200
Auth-Fail VLAN: Enable
Auth-Fail VLAN id: 100
Auth-Fail Max-Attempts: 5
Tx Period: 90 seconds
Quiet Period: 120 seconds
ReAuth Max: 10
Supplicant Timeout: 15 seconds
Server Timeout: 15 seconds
Re-Auth Interval: 7200 seconds
Max-EAP-Req: 10
Host Mode: SINGLE_HOST
Auth PAE State: Initialize
Backend State: Initialize