When the host mode is changed on a port that is already authenticated:
•
Single-host to Multi-host: all devices attached to the port that were previously blocked may access
the network; the supplicant does not re-authenticate.
•
Multi-host to Single-host: the port restarts the authentication process, and the first end-user to
respond is authenticated and allowed access.
Task
Configure Multi-host Authentication mode on a port.
no dot1x host-mode
Enter
mode.
FTOS(conf-if-gi-2/1)#dot1x port-control force-authorized
FTOS(conf-if-gi-2/1)#do show dot1x interface gigabitethernet 2/1
802.1x information on Gi 2/1:
-----------------------------
Dot1x Status:
Port Control:
Port Auth Status:
Re-Authentication:
Untagged VLAN id:
Guest VLAN:
Guest VLAN id:
Auth-Fail VLAN:
Auth-Fail VLAN id:
Auth-Fail Max-Attempts:
Tx Period:
Quiet Period:
ReAuth Max:
Supplicant Timeout:
Server Timeout:
Re-Auth Interval:
Max-EAP-Req:
Host Mode:
Auth PAE State:
Backend State:
124
|
802.1X
to return to Single-host
Enable
FORCE_AUTHORIZED
UNAUTHORIZED
Disable
None
Enable
200
Enable
100
5
90 seconds
120 seconds
10
15 seconds
15 seconds
7200 seconds
10
MULTI_HOST
Initialize
Initialize
Command Syntax
dot1x host-mode multi-host
Default: Single-host mode
Command Mode
INTERFACE