Quick Reference Guide

PowerConnect B-Series TI24X Configuration Guide 931
53-1002269-02
How 802.1X port security works
28
Authenticating multiple hosts connected to the same port
Devices support 802.1X authentication for ports with more than one host connected to them.
Figure 121 illustrates a sample configuration where multiple hosts are connected to a single
802.1X port.
FIGURE 121 Multiple hosts connected to a single 802.1X-enabled port
By default, traffic from hosts that cannot be authenticated by the RADIUS server is dropped in
hardware. You can optionally configure the device to assign the port to a “restricted” VLAN if
authentication of the Client is unsuccessful.
How 802.1X Multiple-host authentication works
When multiple hosts are connected to a single 802.1X-enabled port on a device (as in Figure 121),
802.1X authentication is performed in the following way.
1. One of the 802.1X-enabled Clients attempts to log into a network in which a device serves as
an Authenticator.
2. The device creates an internal session (called a dot1x-mac-session) for the Client. A
dot1x-mac-session serves to associate a Client MAC address and username with its
authentication status.
3. The device performs 802.1X authentication for the Client. Messages are exchanged between
the device and the Client, and between the device and the Authentication Server (RADIUS
server). The result of this process is that the Client is either successfully authenticated or not
authenticated, based on the username and password supplied by the Client.
4. If the Client is successfully authenticated, the Client dot1x-mac-session is set to
“access-is-allowed”. This means that traffic from the Client can be forwarded normally.
[Figure 121 labels: RADIUS Server (Authentication Server); Switch (Authenticator); e 1; 192.168.9.22; Hub; Clients/Supplicants running 802.1X-compliant client software]
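The session handling in steps 1 to 4 can be modelled as a table keyed by Client MAC address, which shows why one authenticated host on a shared port does not open the port for its neighbours. This is an added Python model, not code from the guide or the device; `MultiHostPort`, the `not-authenticated` label, the VLAN numbers, the credential check standing in for the RADIUS exchange, and the treatment of MACs with no session are assumptions.

```python
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, Optional

ALLOWED = "access-is-allowed"      # status name used in the guide
NOT_ALLOWED = "not-authenticated"  # hypothetical label; the page does not name this state
CONSTRUCTED_USERS = {"alice": "correct-horse"}  # constructed sample credentials

def constructed_radius(username: str, password: str) -> bool:
    """Stand-in for the Authentication Server's accept/reject verdict."""
    expected = CONSTRUCTED_USERS.get(username)
    return expected is not None and hmac.compare_digest(expected, password)

@dataclass
class Dot1xMacSession:
    mac: str
    username: str
    status: str = NOT_ALLOWED

class MultiHostPort:
    """Model of one 802.1X-enabled port with several hosts behind it."""

    def __init__(self, radius_check: Callable[[str, str], bool],
                 data_vlan: int, restricted_vlan: Optional[int] = None):
        self.radius_check = radius_check
        self.data_vlan = data_vlan
        self.restricted_vlan = restricted_vlan  # None models the default: drop
        self.sessions: Dict[str, Dot1xMacSession] = {}

    def login(self, mac: str, username: str, password: str) -> Dot1xMacSession:
        mac = mac.lower()
        # Step 2: the session ties the Client MAC and username to a status.
        session = self.sessions[mac] = Dot1xMacSession(mac, username)
        # Steps 3-4: only a successful authentication sets access-is-allowed.
        if self.radius_check(username, password):
            session.status = ALLOWED
        return session

    def forward(self, src_mac: str) -> str:
        """Forwarding decision made per source MAC, not per port."""
        session = self.sessions.get(src_mac.lower())
        if session is not None and session.status == ALLOWED:
            return f"forward vlan {self.data_vlan}"
        # Assumption: only a Client that tried and failed gets the restricted VLAN;
        # a MAC with no session at all is dropped.
        if session is not None and self.restricted_vlan is not None:
            return f"forward vlan {self.restricted_vlan}"
        return "drop"
```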