Authentication Host-Mode - Cisco Catalyst 4500 Series Command Reference Manual

Cisco IOS command reference

authentication host-mode

To define the classification of a session that will be used to apply the access-policies in host-mode configuration, use the authentication host-mode command in interface configuration mode. To return to the default settings, use the no form of this command.

authentication host-mode {single-host | multi-auth | multi-domain | multi-host} [open]
[no] authentication host-mode {single-host | multi-auth | multi-domain | multi-host} [open]

Syntax Description
single-host     Specifies the session as an interface session, and allows one client on the port only. This is the default host mode when enabling 802.1X.
multi-auth      Specifies the session as a MAC-based session. Any number of clients are allowed on a port in data domain and only one client in voice domain, but each one is required to authenticate separately.
multi-domain    Specifies the session based on a combination of MAC address and domain, with the restriction that only one MAC is allowed per domain.
multi-host      Specifies the session as an interface session, but allows more than one client on the port.
open            (Optional) Configures the host-mode with open policy on the port.

Command Default
This command has no default settings.

Command Modes
Interface configuration mode

Command History
Release         Modification
12.2(50)SG      Support for this command was introduced.

Usage Guidelines
Single-host mode classifies the session as an interface session (for example, one MAC per interface). Only one client is allowed on the port, and any policies that are downloaded for the client are applied to the whole port. A security violation is triggered if more than one client is detected.

Multi-host mode also classifies the session as an interface session, but it allows more than one client to attach to the port. Only the first client that is detected on the port will be authenticated, and the rest will inherit the same access as the first client. The policies that are downloaded for the first client will be applied to the whole port.

Multi-domain mode classifies the session based on a combination of MAC address and domain, with the restriction that only one MAC is allowed per domain. The domain in the switching environment refers to the VLAN, and the two supported domains are the data domain and the voice domain. Only one client is allowed on a particular domain, so only two clients (MACs) per port are supported. Each one is required to authenticate separately. Any policies that are downloaded for the client will be applied for that client's MAC/IP only and will not affect the other client on the same port. The clients can be authenticated using different methods (such as 802.1X for PC, MAB for IP phone, or vice versa). No restriction exists on the authentication order.

Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
Chapter 2, Cisco IOS Commands for the Catalyst 4500 Series Switches, OL-25342-01
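
The host-mode semantics in the Usage Guidelines and Syntax Description above, applied as a configuration audit. This is an added example, not part of the Cisco manual: the running-config excerpt, interface names and the function audit_host_modes are constructed for illustration, and flagging the open keyword for manual review is this example's own assumption.

```python
import re

# Constructed running-config excerpt (interface names and VLAN are made up).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 authentication host-mode single-host
 authentication port-control auto
interface GigabitEthernet1/2
 switchport voice vlan 20
 authentication host-mode multi-domain
interface GigabitEthernet1/3
 authentication host-mode multi-host open
interface GigabitEthernet1/4
 authentication host-mode multi-auth
interface GigabitEthernet1/5
 switchport mode access
"""

# Per-mode facts taken from the command reference text above.
# Tuple: (does every client authenticate separately?, note)
MODES = {
    "single-host": (True, "one client per port; a second client is a security violation"),
    "multi-auth": (True, "MAC-based sessions; one voice client, any number of data clients"),
    "multi-domain": (True, "one MAC per domain (data, voice)"),
    "multi-host": (False, "only the first client authenticates; the rest inherit its access"),
}
HOST_MODE = re.compile(r"^\s+authentication host-mode (\S+)( open)?\s*$")

def audit_host_modes(config_text):
    """Return {interface: {mode, open, review, note}} for ports that set a host mode."""
    report, iface = {}, None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            iface = line.split(None, 1)[1].strip()
            continue
        m = HOST_MODE.match(line)
        if m and iface and m.group(1) in MODES:
            per_client, note = MODES[m.group(1)]
            is_open = m.group(2) is not None
            # Review ports where later clients inherit access without authenticating,
            # and (assumption of this example) ports that use the optional open policy.
            report[iface] = {"mode": m.group(1), "open": is_open,
                             "review": (not per_client) or is_open, "note": note}
    return report

if __name__ == "__main__":
    for port, r in audit_host_modes(SAMPLE_CONFIG).items():
        print(port, r["mode"], "REVIEW" if r["review"] else "ok", "-", r["note"])
```

Ports with no authentication host-mode line, such as GigabitEthernet1/5 in the sample, are left out of the report.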
