beautypg.com

Dot1x operation- mode, Dot1x operation-mode – LevelOne GTL-2691 User Manual

Page 903

background image

C

HAPTER

28

| Authentication Commands

802.1X Port Authentication

– 903 –

dot1x operation-

mode

This command allows hosts (clients) to connect to an 802.1X-authorized

port. Use the no form with no keywords to restore the default to single

host. Use the no form with the multi-host max-count keywords to

restore the default maximum count.

S

YNTAX

dot1x operation-mode {single-host |

multi-host [max-count count] | mac-based-auth}

no dot1x operation-mode [multi-host max-count]

single-host – Allows only a single host to connect to this port.
multi-host – Allows multiple host to connect to this port.

max-count – Keyword for the maximum number of hosts.
count – The maximum number of hosts that can connect to a

port. (Range: 1-1024; Default: 5)

mac-based – Allows multiple hosts to connect to this port, with

each host needing to be authenticated.

D

EFAULT

Single-host

C

OMMAND

M

ODE

Interface Configuration

C

OMMAND

U

SAGE

The “max-count” parameter specified by this command is only effective

if the dot1x mode is set to “auto” by the

dot1x port-control

command.

In “multi-host” mode, only one host connected to a port needs to pass

authentication for all other hosts to be granted network access.

Similarly, a port can become unauthorized for all hosts if one attached

host fails re-authentication or sends an EAPOL logoff message.

In “mac-based-auth” mode, each host connected to a port needs to

pass authentication. The number of hosts allowed access to a port

operating in this mode is limited only by the available space in the

secure address table (i.e., up to 1024 addresses).

E

XAMPLE

Console(config)#interface eth 1/2

Console(config-if)#dot1x operation-mode multi-host max-count 10

Console(config-if)#