Reference Guide
122 | 802.1X
www.dell.com | support.dell.com
Multi-Host Authentication
Multi-Host Authentication is available on platforms: c e
t
s
802.1x assumes that a single end-user is connected to a single authenticator port, as shown in Figure 9-6;
this one-to-one mode of authentication is called Single-host mode. If multiple end-users are connected to
the same port, a many-to-one configuration, only the first end-user to respond to the identity request is
authenticated. Subsequent responses are ignored, and a system log is generated to indicate reception of
unexpected 802.1x frames. When a port is authorized, the authenticated supplicant MAC address is
associated with the port, and traffic from any other source MACs is dropped.
Figure 9-6. Single-host Authentication Mode
When multiple end-users are connected to a single authenticator port, Single-host mode authentication
does not authenticate all end-users, and all but one are denied access to the network. For these cases
(Figure 9-7), FTOS offers Multi-host mode authentication.
Figure 9-7. Multi-host Authentication Mode
End-user Device
Dell Force10 switch
RADIUS Serv
er
EAP over LAN (EAPOL)
EAP over RADIUS
fnC0033mp
End-user Devices
Dell Force10 switch
RADIUS Serv
er
EAP over LAN (EAPOL)
EAP over RADIUS