Reference Guide
334 802.1X Commands
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\CLI Folders\Dell Plasma-ARC
2+3\new_system_mifs_ARC2_latest\802_1X.fm
DELL CONFIDENTIAL – PRELIMINARY 4/3/14 - FOR PROOF ONLY
If this command changes the port mode to multi-session when
authentication is enabled, the state of all attached hosts is set to
unauthorized.
To change the port mode to single-host or multi-host, set the port (
dot1x
port-control
) to force-unauthorized, change the port mode to single-host or
multi-host, and set the port to authorization auto.
Multi-sessions mode cannot be configured on the same interface together
with policy-based VLANs configured by
switchport general map protocols-
group vlan
.
Tagged traffic belonging to the unauthenticated VLANs is always bridged
regardless of whether a host is authorized or not.
When the guest VLAN is enabled, untagged and tagged traffic from
unauthorized hosts not belonging to the unauthenticated VLANs, is bridged
via the guest VLAN.
Traffic from an authorized hosts is bridged in accordance with the port static
configuration. A user can specify that untagged and tagged traffic from the
authorized host not belonging to the unauthenticated VLANs will be
remapped to a VLAN that is assigned by a RADIUS server during the
authentication process. See the
dot1x radius-attributes vlan
command to
enable RADIUS VLAN assignment at a port.
The switch does not remove from the FDB the host MAC address learned on
the port when its authentication status is changed from authorized to
unauthorized. The MAC address will be removed after the aging timeout
expires.
Example
console(config)#
interface
gi0/1
console(config-if)#
dot1x host-mode multi-host
dot1x max-hosts
Use the dot1x max-hosts Interface Configuration command to configure the
maximum number of authorized hosts allowed on an interface. Use the no
format of the command to return to the default.