34.
802.1X Port-Based Authentication
MN700004 Rev 01
362
Table 34-1 802.1X Supplicant Modes
M o d e D e s c r i p t i o n
Single Host
Only one supplicant may be authorized on a port. If several supplicants
request authorization, the first one that authenticates successfully is
authorized, and all the others are rejected without trying to
authenticate them. This is the default supplicant mode.
Multiple Hosts
More than one supplicant can be authorized on a port. The first one
that authenticates successfully unlocks the port and the other
supplicants have full access to the device services.
Multiple Hosts/Per MAC
mode
More than one supplicant can be authorized on a port. Each supplicant
is authenticated individually. You can set a maximum number of
supplicants per port. When this limit is reached, new supplicants are
rejected without trying to authenticate them. The default setting for
this supplicant mode is no maximum limit.
NOTE
802.1X supplicant modes can be set per port.
Traffic Modes
802.1X supports two traffic modes:
Bi-directional traffic control
and
Unidirectional traffic
control
. The table below shows the 802.1X traffic modes.
Table 34-2 802.1X Traffic Modes
M o d e D e s c r i p t i o n
Bi-directional traffic
control
Unauthorized supplicants on locked ports have neither incoming nor
outgoing traffic. This is the default traffic mode.
Unidirectional traffic
control
Unauthorized supplicants on locked ports have only incoming traffic.
All outgoing traffic is rejected.
NOTE
802.1X traffic modes are set globally on the switch.
Ports in Authorized and Unauthorized States
The switch port state determines whether or not the supplicant is granted access to the
network. The port starts in the
unauthorized
state. While in this state, the port disallows all
ingress and egress traffic except for 802.1X protocol packets. When a supplicant is