Reference Guide
802.1X | 123
When Multi-host mode authentication is configured, the first client to respond to an identity request is
authenticated, and subsequent responses are still ignored, but since the authenticator expects the possibility
of multiple responses, no system log is generated. After the first supplicant is authenticated, all end-users
attached to the authorized port are allowed to access the network.
If the authorized port becomes unauthorized due to re-authentication failure or the supplicant sends an
EAPOL logoff frame, all attached end-users are denied access to the network.
When the host mode is changed on a port that is already authenticated:
• Single-host to Multi-host: all devices attached to the port that were previously blocked may access
the network; the supplicant does not re-authenticate.
• Multi-host to Single-host: the port restarts the authentication process, and the first end-user to
respond is authenticated and allowed access.
Task Command Syntax Command Mode
Configure Multi-host Authentication mode on a port.
Enter no dot1x host-mode to return to Single-host mode.
dot1x host-mode multi-host
Default: Single-host mode
INTERFACE
FTOS(conf-if-gi-2/1)#dot1x port-control force-authorized
FTOS(conf-if-gi-2/1)#do show dot1x interface gigabitethernet 2/1
802.1x information on Gi 2/1:
-----------------------------
Dot1x Status: Enable
Port Control: FORCE_AUTHORIZED
Port Auth Status: UNAUTHORIZED
Re-Authentication: Disable
Untagged VLAN id: None
Guest VLAN: Enable
Guest VLAN id: 200
Auth-Fail VLAN: Enable
Auth-Fail VLAN id: 100
Auth-Fail Max-Attempts: 5
Tx Period: 90 seconds
Quiet Period: 120 seconds
ReAuth Max: 10
Supplicant Timeout: 15 seconds
Server Timeout: 15 seconds
Re-Auth Interval: 7200 seconds
Max-EAP-Req: 10
Host Mode: MULTI_HOST
Auth PAE State: Initialize
Backend State: Initialize