Manualshelf

Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsC9010 Modular Chassis Switch
919293949596979899100
Auth-Fail VLAN id: NONE
Auth-Fail Max-Attempts: NONE
Critical VLAN: Disable
Critical VLAN id: NONE
Mac-Auth-Bypass: Disable
Mac-Auth-Bypass Only: Disable
Static-MAB: Disable
Static-MAB Profile: NONE
Tx Period: 30 seconds
Quiet Period: 60 seconds
ReAuth Max: 2
Supplicant Timeout: 30 seconds
Server Timeout: 30 seconds
Re-Auth Interval: 3600 seconds
Max-EAP-Req: 2
Host Mode: MULTI_HOST
Auth PAE State: Connecting
Backend State: Idle
Configuring Single-Host Authentication
To enable single-host authentication on a port, enter the dot1x host-mode single-host command in Interface mode.
Dell(conf-if-te-2/1)# dot1x host-mode single-host
Dell(conf-if-te-2/1)# do show dot1x interface tengigabitethernet 2/1
802.1x information on Te 2/1:
-----------------------------
Dot1x Status: Enable
Port Control: AUTO
Port Auth Status: UNAUTHORIZED
Re-Authentication: Disable
Untagged VLAN id: None
Guest VLAN: Disable
Guest VLAN id: NONE
Auth-Fail VLAN: Disable
Auth-Fail VLAN id: NONE
Auth-Fail Max-Attempts: NONE
Critical VLAN: Disable
Critical VLAN id: NONE
Mac-Auth-Bypass: Disable
Mac-Auth-Bypass Only: Disable
Static-MAB: Disable
Static-MAB Profile: NONE
Tx Period: 30 seconds
Quiet Period: 60 seconds
ReAuth Max: 2
Supplicant Timeout: 30 seconds
Server Timeout: 30 seconds
Re-Auth Interval: 3600 seconds
Max-EAP-Req: 2
Host Mode: SINGLE_HOST
Auth PAE State: Connecting
Backend State: Idle
Multi-Supplicant Authentication
802.1X multi-supplicant authentication enables multiple devices on a single authenticator port to access the network by authenticating
each device. In addition, multi-supplicant authentication uses dynamic MAC-based VLAN assignment to place devices on different VLANs.
This feature is different from multi-host authentication in which multiple devices connected to a single authenticator port can access the
network after only the one device is authenticated, and all hosts are placed in the same VLAN as the authenticated device.
Multi-supplicant authentication is needed, for example, in the case of a workstation at which a VoIP phone and PC are connected to a
single authenticator port. Multi-host authentication could authenticate the first device to respond, and then both devices could access the
network. However, if you wanted to place them in different VLANs — a VoIP VLAN and a data VLAN — you would need to authenticate
the devices separately so that the RADIUS server can send each device’s VLAN assignment during that devices authentication process.
802.1X
97