Figure 77: multiple host operating mode – Allied Telesis AT-FS970M Series User Manual

Chapter 18: 802.1x Port-based Network Access

204



Multiple host mode

This mode permits multiple supplicants on an authenticator port. An
authenticator host forwards packets from all supplicants once one
supplicant has successfully logged on. This mode is typically used in
situations where you want to add 802.1x port-based network access
control to a switch port that is supporting multiple supplicants, but do
not want to create individual accounts for all the supplicants on the
RADIUS server.

This is referred to as “piggy-backing.” After one supplicant has
successfully logged on, the port permits the other supplicants to piggy-
back onto the initial supplicant’s logon, so that they can forward
packets through the port without being authenticated.

Figure 77 is an example of this mode. Port 6 is connected to an
Ethernet hub or non-802.1x-compliant switch, which in turn is
connected to several supplicants. The switch does not forward the
supplicant traffic until one of the supplicants logs on. Afterwards, it
forwards the traffic of all the supplicants.

Figure 77. Multiple Host Operating Mode



Multiple supplicant mode

This mode authenticates all the supplicants on an authenticator port.
This mode is appropriate in situations where an authenticator port is
supporting more than one supplicant, and you want all supplicants to
be authenticated. A switch in this mode can support up to a maximum
of 208 supplicants.

RADIUS
Authentication
server

Port 6
Role: Authenticator
Operating Mode: Multiple host
mode

Ethernet hub or
non-802.1x-compliant
switch

Authenticated

Supplicant

Unauthenticated

Supplicants