Configuration Guide Vol. 2


7.1.5 Configuring Authentication Mode Options

This section describes how to configure authentication mode options and parameters.


(1) Restricting the number of authenticated terminals

Points to note

Limit the maximum number of authenticated users per authentication unit. For IEEE802.1X authentication, this function is enabled when terminal authentication mode is set for the authentication submode.

Command examples

  1. (config)# interface gigabitethernet 1/0/1
     (config-if)# dot1x multiple-authentication
     (config-if)# dot1x port-control auto
     (config-if)# dot1x max-supplicant 50

     Specifies 50 as the maximum number of authenticated users permitted at port 1/0/1.

(2) Switching the terminal detection operation

The Switch sends EAP-Request/Identity packets to the multicast address at the interval specified by the tx-period command to prompt terminals to begin an authentication sequence. This procedure specifies what form of authentication sequence takes place when a terminal that is already authenticated responds to an EAP-Request/Identity packet. By default, such terminals do not participate in authentication.

Points to note

In shortcut mode, the authentication sequence is abbreviated to reduce the load on the Switch. In disable mode, the Switch does not send regular EAP-Request/Identity packets in an environment where authenticated terminals are present. Full mode is intended for environments where supplicants that cannot cope with an abbreviated authentication sequence attempt authentication. Note that full mode places a higher load on the Switch and must be used with caution. In auto mode, the Switch does not send EAP-Request/Identity messages to the multicast address. Instead, it sends EAP-Request/Identity messages only to terminals from which it receives any packet.

Command examples

  1. (config)# interface gigabitethernet 1/0/1
     (config-if)# dot1x multiple-authentication
     (config-if)# dot1x port-control auto
     (config-if)# dot1x supplicant-detection disable

     Configures the switch to stop transmitting EAP-Request/Identity messages when an authenticated terminal is present at port 1/0/1.
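The following audit script is an added example, not part of this guide or the vendor's tooling. It checks a saved configuration against the points in (1) and (2): an explicit terminal limit on terminal-authentication ports, and use of full detection mode. Assumptions: the stanza layout of the sample (an "interface" header closed by "!"), that dot1x multiple-authentication is what selects terminal authentication mode as the command examples suggest, and a hypothetical site policy value named ceiling.

```python
import re

# Constructed sample built from the commands shown in this section; the
# stanza layout ("interface ..." header, "!" terminator) is an assumption.
SAMPLE_CONFIG = """\
interface gigabitethernet 1/0/1
  dot1x multiple-authentication
  dot1x port-control auto
  dot1x max-supplicant 50
  dot1x supplicant-detection disable
!
interface gigabitethernet 1/0/2
  dot1x multiple-authentication
  dot1x port-control auto
  dot1x supplicant-detection full
!
interface gigabitethernet 1/0/3
  dot1x port-control auto
  dot1x max-supplicant 300
!
"""

def parse_ports(config):
    """Return {port: {dot1x option: value}}; flag-only options map to ""."""
    ports = {}
    for stanza in config.split("!"):
        lines = [l.strip() for l in stanza.strip().splitlines()]
        m = lines and re.fullmatch(r"interface gigabitethernet (\S+)", lines[0])
        if m:
            ports[m.group(1)] = dict(l[len("dot1x "):].partition(" ")[::2]
                                     for l in lines[1:] if l.startswith("dot1x "))
    return ports

def audit(config, ceiling=64):
    """ceiling is a hypothetical site policy value, not a device default."""
    findings = []
    for port, opts in parse_ports(config).items():
        if opts.get("port-control") != "auto":
            continue  # port is not under 802.1X port control
        limit, multi = opts.get("max-supplicant"), "multiple-authentication" in opts
        if limit and not multi:  # limit applies only in terminal authentication mode
            findings.append((port, "max-supplicant set without multiple-authentication"))
        if multi and not limit:
            findings.append((port, "no explicit max-supplicant"))
        if limit and int(limit) > ceiling:
            findings.append((port, f"max-supplicant {limit} exceeds ceiling {ceiling}"))
        if opts.get("supplicant-detection") == "full":
            findings.append((port, "supplicant-detection full raises switch load"))
    return findings
```

Call audit() on the text of a saved configuration; each finding is a (port, message) pair, and a port that matches the command examples in this section produces none.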