Specifications

ManualsBrandsCisco ManualsDocking StationAccess Registrar 3.5

231

232

233

234

235

236

237

238

239

240

2-185

Catalyst 4500 Se ries S wit ch C is co IO S C om mand R efer ence —Re lease I OS XE 3 .3.0 XO(1 5.1 (1)XO)

OL_28738-01

Chapter 2 Cisco IOS Commands for the Catalyst 4500 Series Switches

dot1x host-mode

no dot1x host-mode [multi-host | single-host | multi-domain}

Syntax Description

Defaults The default is sing le-host mode.

Command Modes Interface configur ation mode

Usage Guidelines Use this command to limit an IEEE 802.1X-enabled port to a single client o r to attach multiple clients

to an IEEE 802.1X-enabled port. In multiple-hosts mode, only one of the attached hosts needs to be

successfully authorized for all hosts to be granted network access. If the port becomes unauthorized

(re-authentication fails or an Extensible Authentication Protocol over LAN [EAPOL]-logoff message is

received), all attached clients are denied access to the network.

Use the multi-domain keyword to enable MDA on a port. MDA divides the port into both a data domain

and a voice domain. MDA allows both a data device and a voic e device, such as an IP phone (Ci sco or

non-Cisco), on the same IEEE 802.1x- enabled port.

Before entering this command, make sure that the dot1x port -contr ol interface configuration command

is set to auto for the specified port.

You can assign both voice and data VLAN dynamically from the ACS server. No additional

configuration is required to enable dynamic VLAN assignment on the switch.To enable VLAN

assignment, you must configur e the Cisco ACS server. For details on configu ring the ACS server for

voice VLAN assignment, refer to the “Cisco ACS Configuration for VLAN Assignment” section in the

Catalyst 4500 Series Switch Soft ware Configuration Guid e-Release, 12.2(5 2)SG.

Examples This example shows how to enable IEEE 802.1x authentication and to enable multiple-hosts mode:

Switch# configure t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)# interface gigabitethernet6/1

Switch(config-if)# dot1x port-control auto

Switch(config-if)# dot1x host-mode multi-host

Switch(config-if)# end

Switch#

This example shows how to enable MDA and to allow both a host and a voice device on the port:

Switch# configure t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)# interface FastEthernet6/1

Switch(config-if)# switchport access vlan 12

Switch(config-if)# switchport mode access

Switch(config-if)# switchport voice vlan 10

Switch(config-if)# dot1x pae authenticator

Switch(config-if)# dot1x port-control auto

Switch(config-if)# dot1x host-mode multi-domain

Switch(config-if)# no shutdown

multi-host Enables multiple-hosts mode on the switch.

single-host Enables single-h ost mode on the switch.

multi-domain Enables MDA on a switch port.