Chapter 31
Configuring 802.1x Authentication
Enabling Multiple Hosts
You can enable a specific port to allow multiple-user access. When a port is enabled for multiple users,
and a host that is connected to that port is authorized successfully, any host (with any MAC address) is
allowed to send and receive traffic on that port. If you then connect multiple hosts to that port through a
hub, you can reduce the security level on that port.
To enable multiple-user access on a specific port, perform this task in privileged mode:
Task
Enable multiple hosts on a specific port.
This example shows how to enable access for multiple hosts on port 1 on module 4:
Console> (enable) set port dot1x 4/1 multiple-host enable
Port 4/1 multiple hosts allowed.
Disabling Multiple Hosts
You can disable multiple-user access on any port where it is enabled.
To disable multiple-user access on a specific port, perform this task in privileged mode:
Task
Disable multiple hosts on a specific port.
This example shows how to disable access for multiple hosts on port 1 on module 4:
Console> (enable) set port dot1x 4/1 multiple-host disable
Port 4/1 multiple hosts not allowed.
Setting the Quiet Period
When the authenticator cannot authenticate the host, it remains idle for a set period of time and then tries
again. The idle time is determined by the quiet-period value. (The default is 60 seconds.) You may set
the value from 0–65,535 seconds.
To set the value for the quiet period, perform this task in privileged mode:
Task
Set the quiet-period value.
This example shows how to set the quiet period to 45 seconds:
Console> (enable) set dot1x quiet-period 45
dot1x quiet-period set to 45 seconds.
78-15486-01
Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide
Configuring 802.1x Authentication on the Switch
Command
set port dot1x mod/port multiple-host enable
Command
set port dot1x mod/port multiple-host disable
Command
set dot1x quiet-period seconds
—
Release 8.1
31-11