5.3.2 Limiting the number of authentications
You can limit the number of authenticated users across all Layer 2 authentication types.
Authenticated users can be limited:
-
Per port
-
Per switch
- <Structure of this section>
(1) Per-Port Authentication Limit
You can use the authentication max-user command to set the maximum number of authentication sessions allowed on a port. An authentication error occurs when the number of users authenticated by Layer 2 authentication exceeds the maximum number set for the port.
(2) Limits on the number of authentications per switch
You can use the authentication max-user command to set the maximum number of authenticated users allowed on a Switch. An authentication error occurs when the total number of authenticated users exceeds the maximum number set for the Switch.
(3) Layer 2 authentication for which you can set an authentication count limit
The following table describes which Layer 2 authentication types support port-level and switch-level restrictions on the number of authenticated users.
Functionality |
IEEE802.1X |
Web Authentication |
MAC-based Authentication |
|||
---|---|---|---|---|---|---|
Fixed VLAN mode |
Dynamic VLAN mode |
Fixed VLAN mode |
Dynamic VLAN mode |
Fixed VLAN mode |
Dynamic VLAN mode |
|
Limited number of port-based authentication |
OK # |
OK # |
OK |
OK |
OK |
OK |
Limited number of switch-based authentication |
OK # |
OK # |
OK |
OK |
OK |
OK |
Legend: OK: Can be set
- #
-
Does not apply to terminals whose communication is restricted. For details, see Section 6.2.9 "Communication Restriction of Authenticated Terminal".