Multi-Supplicant Authentication - Dell Force10 C150 Configuration Manual

Task
Configure Single-host Authentication mode on a port.
FTOS(conf-if-gi-2/1)#dot1x port-control force-authorized
FTOS(conf-if-gi-2/1)#do show dot1x interface gigabitethernet 2/1
802.1x information on Gi 2/1:
-----------------------------
Dot1x Status:
Port Control:
Port Auth Status:
Re-Authentication:
Untagged VLAN id:
Guest VLAN:
Guest VLAN id:
Auth-Fail VLAN:
Auth-Fail VLAN id:
Auth-Fail Max-Attempts:
Tx Period:
Quiet Period:
ReAuth Max:
Supplicant Timeout:
Server Timeout:
Re-Auth Interval:
Max-EAP-Req:
Host Mode:
Auth PAE State:
Backend State:

Multi-Supplicant Authentication

Multi-Supplicant Authentication
The 802.1X Multi-supplicant Authentication enables multiple devices on a single authenticator port to
access the network by authenticating each device. In addition, Multi-supplicant Authentication uses
dynamic MAC-based VLAN assignment to place devices on different VLANs. This feature is different
from Multi-host Authentication in which multiple devices connected to a single authenticator port can
access the network after only the one device is authenticated, and all hosts are placed in the same VLAN as
the authenticated device.
Multi-supplicant authentication is needed, for example, in the case of a workstation at which a VOIP phone
and PC are connected to a single authenticator port. Multi-host authentication could authenticate the first
device to respond, and then both devices could access the network. However, if you wanted to place them
in different VLANs—a VOIP VLAN and a data VLAN— you would need to authenticate the devices
separately so that the RADIUS server can send each device's VLAN assignment during that devices
authentication process.
Enable
FORCE_AUTHORIZED
UNAUTHORIZED
Disable
None
Enable
200
Enable
100
5
90 seconds
120 seconds
10
15 seconds
15 seconds
7200 seconds
10
SINGLE_HOST
Initialize
Initialize
is available on platforms:
Command Syntax
dot1x host-mode single-host
c s
Command Mode
INTERFACE
802.1X | 125