CLI Guide
Security Commands 1078
The typical use case for multi-host mode is a wireless access point (AP)
connected to an access controlled port of a NAS. Once the access point is
authenticated by the NAS, the port is authorized for traffic from the access
point and all the wireless clients connected to the access point. Essentially,
the AP is a trusted device.
If it is desired that the AP connected hosts be authenticated in this mode,
the AP must implement a NAS capability and authenticate the clients to a
RADIUS server.
• multi-domain-multi-host—In this mode, one voice client and one data
client may authenticate on a port and be granted network access. However,
once a data client is authenticated, access over the data VLAN is
unrestricted and any device may utilize the data VLAN. Authentication to
the voice VLAN is supported and is restricted to the authenticating voice
device.
The typical use case is an IP phone connected to a NAS port and a Virtual
Machine Controller connected to the hub port of the IP phone. The
Virtual Machine Controller hosts multiple Virtual Machines. Both the VM
Controller and the IP phone need to be authenticated to access the
network services behind the NAS. The voice and data domains are
segregated. Once the VM Controller is authenticated, it allows traffic from
all the VMs hosted by the VM Controller.
• single-host—Only allow a single authenticated device access to the
network. No other hosts are allowed access to the network. Access is
enforced via the MAC address of the authenticating host. The
authenticated host must de-authenticate to allow a different host to
authenticate. Shutting down the port de-authenticates any authenticated
hosts.
Use switchport mode general to support RADIUS VLAN assignment for
the authenticating host.
Command History
Syntax added in version 6.6 firmware.
Example
The following example globally configures an interface to allow a single host
to authenticate.