Manualshelf

Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsC9010 Modular Chassis Switch
101102103104105106107108109110
Mac-Auth-Bypass Only: Disable
Static-MAB: Disable
Static-MAB Profile: NONE
Tx Period: 30 seconds
Quiet Period: 60 seconds
ReAuth Max: 2
Supplicant Timeout: 30 seconds
Server Timeout: 30 seconds
Re-Auth Interval: 3600 seconds
Max-EAP-Req: 2
Host Mode: SINGLE_HOST
Auth PAE State: Connecting
Backend State: Idle
Multi-Supplicant Authentication
802.1X multi-supplicant authentication enables multiple devices on a single authenticator port to access the network by
authenticating each device. In addition, multi-supplicant authentication uses dynamic MAC-based VLAN assignment to place
devices on different VLANs. This feature is different from multi-host authentication in which multiple devices connected to a
single authenticator port can access the network after only the one device is authenticated, and all hosts are placed in the same
VLAN as the authenticated device.
Multi-supplicant authentication is needed, for example, in the case of a workstation at which a VoIP phone and PC are
connected to a single authenticator port. Multi-host authentication could authenticate the first device to respond, and then
both devices could access the network. However, if you wanted to place them in different VLANs a VoIP VLAN and a data
VLAN you would need to authenticate the devices separately so that the RADIUS server can send each devices VLAN
assignment during that devices authentication process.
During the authentication process, the switch is able to learn the MAC address of the device though the EAPoL frames, and the
VLAN assignment from the RADIUS server. With this information it creates an authorized-MAC-to-VLAN mapping table per
port. Then, the system can tag all incoming untagged frames with the appropriate VLAN-ID based on the table entries.
Configuring Multi-Supplicant Authentication
To enable multi-supplicant authentication on a port, enter the dot1x host-mode multi-auth command in Interface mode.
To return to the default single-host authentication mode, enter the no dot1x host-mode command. To verify the currently
configured authentication mode, enter the show dot1x interface command.
Dell(conf-if-te-1/3)# dot1x host-mode multi-auth
Dell(conf-if-te-1/3)# do show dot1x interface tengigabitethernet 0103
802.1x information on Te 0/0:
-----------------------------
Dot1x Status: Enable
Port Control: AUTO
Re-Authentication: Disable
Guest VLAN: Disable
Guest VLAN id: NONE
Auth-Fail VLAN: Disable
Auth-Fail VLAN id: NONE
Auth-Fail Max-Attempts: NONE
Critical VLAN: Disable
Critical VLAN id: NONE
Mac-Auth-Bypass: Disable
Mac-Auth-Bypass Only: Disable
Static-MAB: Disable
Static-MAB Profile: NONE
Tx Period: 30 seconds
Quiet Period: 60 seconds
ReAuth Max: 2
Supplicant Timeout: 30 seconds
Server Timeout: 30 seconds
Re-Auth Interval: 3600 seconds
Max-EAP-Req: 2
Host Mode: MULTI_AUTH
Max-Supplicants: 128
802.1X
101