Cisco Systems 2960 Manual De Usuario
10-47
Catalyst 2960 and 2960-S Switch Software Configuration Guide
OL-8603-09
Chapter 10 Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication
To disable multiple hosts on the port, use the no authentication host-mode or the no dot1x host-mode
multi-host interface configuration command.
multi-host interface configuration command.
This example shows how to enable 802.1x authentication and to allow multiple hosts:
Switch(config)# interface gigabitethernet2/0/1
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# dot1x port-control auto
Switch(config-if)# dot1x host-mode multi-host
Switch(config-if)# end
This example shows how to enable MDA and to allow both a host and a voice device on the port:
Switch(config)# interface gigabitethernet2/0/1
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# dot1x port-control auto
Switch(config-if)# dot1x host-mode multi-domain
Switch(config-if)# switchport voice vlan 101
Switch(config-if)# end
Step 4
authentication host-mode [multi-auth |
multi-domain | multi-host |
single-host]
multi-domain | multi-host |
single-host]
or
dot1x host-mode {single-host |
multi-host | multi-domain}
multi-host | multi-domain}
The keywords have these meanings:
•
multi-auth–Allow one client on the voice VLAN and multiple
authenticated clients on the data VLAN. Each host is individually
authenticated.
authenticated clients on the data VLAN. Each host is individually
authenticated.
Note
The multi-auth keyword is only available with the
authentication host-mode command.
authentication host-mode command.
•
multi-host–Allow multiple hosts on an 802.1x-authorized port after
a single host has been authenticated.
a single host has been authenticated.
•
multi-domain–Allow both a host and a voice device, such as an IP
phone (Cisco or non-Cisco), to be authenticated on
an 802.1x-authorized port.
phone (Cisco or non-Cisco), to be authenticated on
an 802.1x-authorized port.
Note
You must configure the voice VLAN for the IP phone when the
host mode is set to multi-domain. For more information, see
host mode is set to multi-domain. For more information, see
•
single-host–Allow a single host (client) on an 802.1x-authorized
port.
port.
Make sure that the authentication port-control or dot1x port-control
interface configuration command set is set to auto for the specified
interface.
interface configuration command set is set to auto for the specified
interface.
Step 5
switchport voice vlan vlan-id
(Optional) Configure the voice VLAN.
Step 6
end
Return to privileged EXEC mode.
Step 7
show authentication interface
interface-id
interface-id
or
show dot1x interface interface-id
Verify your entries.
Step 8
copy running-config startup-config
(Optional) Save your entries in the configuration file.
Command
Purpose