Chapter 54: 802.1x Port-based Network Access Control
Authenticator Port Operating Modes
Single Host Mode
Multiple Host
Mode
722
The switch supports three authenticator modes:
Single host mode
Multiple host mode
Multiple supplicant mode
An authenticator port set to the single host mode permits only one
supplicant to log on and forwards only the traffic of that supplicant. After
one supplicant has logged on, the port discards packets from any other
supplicant.
In Figure 121, port 6 is an authenticator port set to the single host mode. It
permits only one supplicant to log on and forwards the traffic of just that
supplicant.
Port 6
Role: Authenticator
Operating Mode: Single Host
Mode
This mode permits multiple clients on an authenticator port. An
authenticator mode forwards packets from all clients once one client has
successfully logged on. This mode is typically used in situations where
you want to add 802.1x port-based network access control to a switch port
that is supporting multiple clients, but do not want to create individual
accounts for all the clients on the RADIUS server.
This is referred to as "piggy-backing." After one client has successfully
logged, the port permits the other clients to piggy-back onto the initial
client's log on, so that they can forward packets through the port without
being authentication.
Note, however, that should the client who performed the initial log on fail to
Authenticated Client
Figure 121. Single Host Mode
AT-9000/28
Gigabit Ethernet Switch with 4 Combo SFP Ports
MODE
CONSOLE
PWR
COL
SYS
SPD
DUP
ACT
SELECT
RS-232
1451
RADIUS
Authentication
Server
Section VIII: Port Security