Users Guide
Port Control: AUTO
Re-Authentication: Disable
Guest VLAN: Disable
Guest VLAN id: NONE
Auth-Fail VLAN: Disable
Auth-Fail VLAN id: NONE
Auth-Fail Max-Attempts: NONE
Critical VLAN: Disable
Critical VLAN id: NONE
Mac-Auth-Bypass: Disable
Mac-Auth-Bypass Only: Disable
Static-MAB: Disable
Static-MAB Profile: NONE
Tx Period: 30 seconds
Quiet Period: 60 seconds
ReAuth Max: 2
Supplicant Timeout: 30 seconds
Server Timeout: 30 seconds
Re-Auth Interval: 3600 seconds
Max-EAP-Req: 2
Host Mode: MULTI_AUTH
Max-Supplicants: 128
Port status and State info for Supplicant: 7a:d9:d9:7d:00:00
Port Auth Status: AUTHORIZED
Untagged VLAN id: 400
Auth PAE State: Authenticated
Backend State: Idle
Port status and State info for Supplicant: 7a:d9:d9:7d:00:01
Port Auth Status: AUTHORIZED
Untagged VLAN id: 400
Auth PAE State: Authenticated
Backend State: Idle
Restricting Multi-Supplicant Authentication
To restrict the number of devices that 802.1X can authenticate on a port in multi-supplicant (multi-auth)
mode, enter the dot1x max-supplicants number command in Interface mode. By default, the maximum
number of multi-supplicant devices is 128.
Dell(conf-if-te-2/1)# dot1x max-supplicants 4
MAC Authentication Bypass
MAC authentication bypass (MAB) enables you to provide MAC-based security by allowing only known MAC
addresses within the network using a RADIUS server.
802.1X-enabled clients can authenticate themselves using the 802.1X protocol. Other devices that do not use
802.1X — like IP phones, printers, and IP fax machines — still need connectivity to the network. The guest
VLAN provides one way to access the network. However, placing trusted devices on the quarantined VLAN is
not the best practice. MAB allows devices that have known static MAC addresses to be authenticated using
802.1X 122