Cisco Systems 3750E Manual De Usuario
10-28
Catalyst 3750-E and 3560-E Switch Software Configuration Guide
OL-9775-02
Chapter 10 Configuring IEEE 802.1x Port-Based Authentication
Configuring IEEE 802.1x Authentication
Configuring the Host Mode
Beginning in privileged EXEC mode, follow these steps to allow multiple hosts (clients) on an
IEEE 802.1x-authorized port that has the dot1x port-control interface configuration command set to
auto. Use the multi-domain keyword to configure and enable multidomain authentication (MDA),
which allows both a host and a voice device, such as an IP phone (Cisco or non-Cisco), on the same
switch port. This procedure is optional.
IEEE 802.1x-authorized port that has the dot1x port-control interface configuration command set to
auto. Use the multi-domain keyword to configure and enable multidomain authentication (MDA),
which allows both a host and a voice device, such as an IP phone (Cisco or non-Cisco), on the same
switch port. This procedure is optional.
To disable multiple hosts on the port, use the no dot1x host-mode multi-host interface configuration
command.
command.
This example shows how to enable IEEE 802.1x authentication and to allow multiple hosts:
Switch(config)# interface gigabitethernet2/0/1
Switch(config-if)# dot1x port-control auto
Switch(config-if)# dot1x host-mode multi-host
This example shows how to enable MDA and to allow both a host and a voice device on the port:
Switch(config)# interface gigabitethernet3/0/1
Switch(config-if)# dot1x port-control auto
Switch(config-if)# dot1x host-mode multi-domain
Switch(config-if)# switchport voice vlan 101
Switch(config-if)# end
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
interface interface-id
Specify the port to which multiple hosts are indirectly attached, and enter
interface configuration mode.
interface configuration mode.
Step 3
dot1x host-mode {multi-host |
multi-domain}
multi-domain}
Allow multiple hosts (clients) on an IEEE 802.1x-authorized port.
The keywords have these meanings:
•
multi-host–Allow multiple hosts on an IEEE 802.1x-authorized port
after a single host has been authenticated.
after a single host has been authenticated.
•
multi-domain–Allow both a host and a voice device, such as an IP
phone (Cisco or non-Cisco), to be authenticated on an
IEEE 802.1x-authorized port.
phone (Cisco or non-Cisco), to be authenticated on an
IEEE 802.1x-authorized port.
Note
You must configure the voice VLAN for the IP phone when the
host mode is set to multi-domain. For more information, see
host mode is set to multi-domain. For more information, see
Make sure that the dot1x port-control interface configuration command
set is set to auto for the specified interface.
set is set to auto for the specified interface.
Step 4
end
Return to privileged EXEC mode.
Step 5
show dot1x interface interface-id
Verify your entries.
Step 6
copy running-config startup-config
(Optional) Save your entries in the configuration file.