IBM 12.1(22)EA6 User Manual
6-20
Cisco Systems Intelligent Gigabit Ethernet Switch Modules for the IBM BladeCenter, Software Configuration Guide
24R9746
Chapter 6 Configuring IEEE 802.1x Port-Based Authentication
Configuring IEEE 802.1x Authentication
Configuring the Host Mode
Beginning in privileged EXEC mode, follow these steps to allow multiple hosts (clients) on an IEEE
802.1x-authorized port that has the dot1x port-control interface configuration command set to auto.
This procedure is optional.
802.1x-authorized port that has the dot1x port-control interface configuration command set to auto.
This procedure is optional.
To disable multiple hosts on the port, use the no dot1x host-mode multi-host interface configuration
command.
command.
This example shows how to enable a port to allow multiple hosts:
Switch(config)# interface gigabitethernet0/17
Switch(config-if)# dot1x port-control auto
Switch(config-if)# dot1x host-mode multi-host
Configuring a Guest VLAN
When you configure a guest VLAN, clients that are not IEEE 802.1x-capable are put into the guest
VLAN when the server does not receive a response to its EAPOL request/identity frame. Clients that are
IEEE 802.1x-capable but fail authentication are not granted access to the network. The switch supports
guest VLANs in single-host or multiple-hosts mode.
VLAN when the server does not receive a response to its EAPOL request/identity frame. Clients that are
IEEE 802.1x-capable but fail authentication are not granted access to the network. The switch supports
guest VLANs in single-host or multiple-hosts mode.
You can enable optional guest VLAN behavior by using the dot1x guest-vlan supplicant global
configuration command. When enabled, the switch does not maintain the EAPOL packet history and
allows clients that fail authentication to access the guest VLAN, regardless of whether EAPOL packets
had been detected on the interface. Clients that fail authentication can access the guest VLAN.
configuration command. When enabled, the switch does not maintain the EAPOL packet history and
allows clients that fail authentication to access the guest VLAN, regardless of whether EAPOL packets
had been detected on the interface. Clients that fail authentication can access the guest VLAN.
Note
Depending on the switch configuration, this process can take from less than a minute to several minutes.
Beginning in privileged EXEC mode, follow these steps to configure a guest VLAN. This procedure is
optional.
optional.
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
interface interface-id
Specify the interface to which multiple hosts are indirectly attached, and
enter interface configuration mode.
enter interface configuration mode.
Step 3
dot1x host-mode multi-host
Allow multiple hosts (clients) on an IEEE 802.1x-authorized port.
Make sure that the dot1x port-control interface configuration command
set is set to auto for the specified interface.
set is set to auto for the specified interface.
Step 4
end
Return to privileged EXEC mode.
Step 5
show dot1x interface interface-id
Verify your entries.
Step 6
copy running-config startup-config
(Optional) Save your entries in the configuration file.