Users Guide
Security Commands 1074
• multi-host—Allow multiple hosts access to the network on an
authenticated interface. One host must authenticate on the interface to
allow access to other hosts.
• multi-domain-multi-host—Allow one data device and one voice device to
authenticate. Once the data device is authenticated, unrestricted access to
the data VLAN for any host is allowed.
• single-host—Allow a single authenticated device access to the network.
Default Configuration
By default, the interface port-control mode is multi-domain-multi-host.
Command Mode
Interface (Ethernet) Configuration mode
User Guidelines
Changing the host mode on an interface causes any currently authenticated
client sessions on the interface to be terminated.
The host modes are implemented as follows:
• multi-auth—Allow multiple hosts to authenticate individually on the
interface. Hosts may authenticate to the data VLAN or the voice VLAN.
Port access is enforced by examining the source MAC address of the
incoming packets.
A typical use case is a wireless access point which is connected to an
access-controlled port of a NAS, the wireless clients connected to the
access point also authenticate using the switch resources. The access point
must be configured to transparently pass EAPOL traffic.
Use switchport mode general to support RADIUS VLAN assignment for
hosts.
• multi-domain—In this mode, exactly one data client and one voice client
may be authenticated. The switch enforces this restriction by examining
the source MAC address of incoming packets.
The typical use case is an IP phone connected to a NAS port and a laptop
connected to the hub port of the IP phone. Both the devices must
authenticate to access the network. The voice and data domains are