Table of Contents
Advertisement
802.1X Commands
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
authorized on the port. The
number of authorized hosts allowed on the port.
Each authorized client requires a TCAM rule. If there is no available space in the
TCAM, the authentication is rejected.
When using the dot1x host-mode command to change the port mode to
single-host or multi-host when authentication is enabled, the port state is set to
unauthorized.
If the dot1x host-mode command changes the port mode to multi-session when
authentication is enabled, the state of all attached hosts is set to unauthorized.
To change the port mode to single-host or multi-host, set the port (dot1x
port-control) to force-unauthorized, change the port mode to single-host or
multi-host, and set the port to authorization auto.
multi-sessions mode cannot be configured on the same interface together with
Policy Based VLANs configured by the following commands:
-
switchport general map protocol-group vlans
-
switchport general map macs-group vlans
Tagged traffic belonging to the unauthenticated VLANs is always bridged
regardless if a host is authorized or not.
When the guest VLAN is enabled, untagged and tagged traffic from unauthorized
hosts not belonging to the unauthenticated VLANs is bridged via the guest VLAN.
Traffic from an authorized hosts is bridged in accordance with the port static
configuration. A user can specify that untagged and tagged traffic from the
authorized host not belonging to the unauthenticated VLANs will be remapped to
a VLAN that is assigned by a RADIUS server during the authentication process.
See the
dot1x radius-attributes vlan
assignment at a port.
The switch does not remove from FDB the host MAC address learned on the port
when its authentication status is changed from authorized to unauthorized. The
MAC address will be removed after the aging timeout expires.
Example
switchxxxxxx(config)#
switchxxxxxx(config-if)#
dot1x max-hosts
command to enable RADIUS VLAN
interface gi11
dot1x host-mode multi-host
command can limit the maximum
3
92
Advertisement
Table of Contents
