Cisco Catalyst 4500 series Administration Manual page 1175
Hide thumbs
Also See for Catalyst 4500 series:
- Software configuration manual (2086 pages) ,
- Configuration manual (1610 pages) ,
- Command reference manual (1230 pages)
Table of Contents
Advertisement
Chapter 46
Configuring 802.1X Port-Based Authentication
Command
Step 4
Cisco IOS Release 12.2(50)SG and later
Switch(config-if)# [no]
authentication host-mode
{single-host | multi-host |
multi-domain} | multi-auth}
Cisco IOS Release 12.2(46)SG or earlier
releases
Switch(config-if)# [no] dot1x
host-mode {single-host | multi-host
| multi-domain}
Step 5
Switch(config-if)# switchport voice
vlan vlan-id
Step 6
Switch(config-if)# end
Step 7
Switch# show dot1x interface
interface-id [detail]
Step 8
Switch# copy running-config
startup-config
This example shows how to enable 802.1X authentication and to allow multiple hosts:
Cisco IOS Release 12.2(50)SG and later
Switch(config)# interface gigabitethernet2/1
Switch(config-if)# authentication port-control auto
Switch(config-if)# authentication host-mode multi-host
Switch(config-if)# end
Cisco IOS Release 12.2(46)SG or earlier
Switch(config)# interface gigabitethernet2/1
Switch(config-if)# dot1x port-control auto
Switch(config-if)# dot1x host-mode multi-host
Switch(config-if)# end
OL_28731-01
Purpose
The keywords allow the following:
•
single-host—Single-host (client) on an IEEE 802.1X-authorized
port.
•
multi-host—Multiple-hosts on an 802.1X-authorized port after a
authenticating a single host.
•
multi-domain—Both a host and a voice device (such as an IP phone,
Cisco or non-Cisco), to authenticate on an IEEE 802.1X-authorized
port.
You must configure a voice VLAN for an IP phone when the host
Note
mode is set to multi-domain. For more information, see
Chapter 43, "Configuring Voice Interfaces."
multi-auth—Allows multiple hosts and a voice device, such as an IP
•
phone (Cisco or non-Cisco), to be authenticated on an IEEE
802.1x-authorized port. This keyword requires Cisco IOS Release
12.2(50)SG or a later release.
Ensure that the dot1x port-control interface configuration command is
set to auto for the specified interface.
To disable multiple hosts on the port, use the
no authentication host-mode {multi-host | multi-domain | multi-auth}
interface configuration command (for earlier releases, use the
no dot1x host-mode {multi-host | multi-domain} interface
configuration command).
(Optional) Configures the voice VLAN.
Returns to privileged EXEC mode.
Verifies your entries.
(Optional) Saves your entries in the configuration file.
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
Configuring 802.1X Port-Based Authentication
46-37
Advertisement
Chapters
Table of Contents
Troubleshooting
