5.3.3 Limiting the number of authentications
You can limit the number of authenticated users across all Layer 2 authentication types.
Authenticated users can be limited:
-
Per port
-
Per switch
- <Structure of this section>
(1) Per-Port Authentication Limit
You can use the authentication max-user command to set the maximum number of authentication sessions allowed on a port. An authentication error occurs when the number of users authenticated by Layer 2 authentication exceeds the maximum number set for the port.
(2) Limits on the number of authentications per switch
You can use the authentication max-user command to set the maximum number of authenticated users allowed on a Switch. An authentication error occurs when the total number of authenticated users exceeds the maximum number set for the Switch.
(3) Layer 2 authentication for which you can set an authentication count limit
The following table describes which Layer 2 authentication types support port-level and switch-level restrictions on the number of authenticated users.
|
Functionality |
IEEE802.1X |
Web Authentication |
MAC-based Authentication |
|||||
|---|---|---|---|---|---|---|---|---|
|
Port-based authentication |
VLAN-based authentication (static) |
VLAN-based authentication (dynamic) |
Fixed VLAN mode |
Dynamic VLAN mode |
Legacy mode |
Fixed VLAN mode |
Dynamic VLAN mode |
|
|
Limited number of port-based authentication |
OK #1 |
OK #1 |
OK #2 |
OK |
OK |
NG |
OK |
OK |
|
Limited number of switch-based authentication |
OK #1 |
OK #1 |
OK #2 |
OK |
OK |
NG |
OK |
OK |
Legend: OK: Supported, NG: Not supported
- Note #1
-
Does not apply to terminals whose communication is restricted. For details, see Section 6.2.9 "Communication Restriction of Authenticated Terminal".
- Note #2
-
These modes might be subject to limits on the number of authenticated users depending on how the Switch is configured. For more information, see 6.2.8 VLAN Per-Authentication (Dynamic) Operating Modes.