9-36
Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide
OL-12247-04
Chapter 9 Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication
MAC Authentication Bypass
These are the MAC authentication bypass configuration guidelines:
•
Unless otherwise stated, the MAC authentication bypass guidelines are the same as the 802.1x
authentication guidelines. For more information, see the
“802.1x Authentication” section on
•
If you disable MAC authentication bypass from a port after the port has been authorized with its
MAC address, the port state is not affected.
•
If the port is in the unauthorized state and the client MAC address is not the authentication-server
database, the port remains in the unauthorized state. However, if the client MAC address is added to
the database, the switch can use MAC authentication bypass to re-authorize the port.
•
If the port is in the authorized state, the port remains in this state until re-authorization occurs.
Maximum Number of Allowed Devices Per Port
This is the maximum number of devices allowed on an 802.1x-enabled port:
•
In single-host mode, only one device is allowed on the access VLAN. If the port is also configured with
a voice VLAN, an unlimited number of Cisco IP phones can send and receive traffic through the voice
VLAN.
•
In multidomain authentication (MDA) mode, one device is allowed for the access VLAN, and one
IP phone is allowed for the voice VLAN.
•
In multihost mode, only one 802.1x supplicant is allowed on the port, but an unlimited number of
non-802.1x hosts are allowed on the access VLAN. An unlimited number of devices are allowed on
the voice VLAN.
Configuring 802.1x Violation Modes
You can configure an 802.1x port so that it shuts down, generates a syslog error, or discards packets from
a new device when:
•
a device connects to an 802.1x-enable port
•
the maximum number of allowed about devices have been authenticated on the port
Beginning in privileged EXEC mode, follow these steps to configure the security violation actions on
the switch:
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
aaa new-model
Enable AAA.