Mac authentication bypass, Maximum number of allowed devices per port, And t – Dell POWEREDGE M1000E User Manual


Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide

OL-13270-03

Chapter 10 Configuring IEEE 802.1x Port-Based Authentication

Configuring IEEE 802.1x Authentication

the IEEE 802.1x authentication process (authentication timer inactivity or dot1x timeout quiet-period and authentication timer reauthentication or dot1x timeout tx-period). How much to decrease the settings depends on the connected IEEE 802.1x client type.

When configuring the inaccessible authentication bypass feature, follow these guidelines:

The feature is supported on IEEE 802.1x ports in single-host mode and multihost mode.

If the client is running Windows XP and the port to which the client is connected is in the
critical-authentication state, Windows XP might report that the interface is not authenticated.

If the Windows XP client is configured for DHCP and has an IP address from the DHCP server,
receiving an EAP-Success message on a critical port might not re-initiate the DHCP
configuration process.

You can configure the inaccessible authentication bypass feature and the restricted VLAN on
an IEEE 802.1x port. If the switch tries to re-authenticate a critical port in a restricted VLAN
and all the RADIUS servers are unavailable, the switch changes the port state to the critical
authentication state, and the port remains in the restricted VLAN.

You can configure the inaccessible bypass feature and port security on the same switch port.

You can configure any VLAN except an RSPAN VLAN or a voice VLAN as an IEEE 802.1x
restricted VLAN. The restricted VLAN feature is not supported on internal VLANs (routed ports)
or trunk ports; it is supported only on access ports.

MAC Authentication Bypass

These are the MAC authentication bypass configuration guidelines:

Unless otherwise stated, the MAC authentication bypass guidelines are the same as the IEEE 802.1x
authentication guidelines. For more information, see the “IEEE 802.1x Authentication” section on
page 10-33.

If you disable MAC authentication bypass from a port after the port has been authorized with its
MAC address, the port state is not affected.

If the port is in the unauthorized state and the client MAC address is not in the authentication-server
database, the port remains in the unauthorized state. However, if the client MAC address is added to
the database, the switch can use MAC authentication bypass to re-authorize the port.

If the port is in the authorized state, the port remains in this state until re-authorization occurs.

Maximum Number of Allowed Devices Per Port

This is the maximum number of devices allowed on an IEEE 802.1x-enabled port:

In single-host mode, only one device is allowed on the access VLAN. If the port is also configured with
a voice VLAN, an unlimited number of Cisco IP phones can send and receive traffic through the voice
VLAN.

In multidomain authentication (MDA) mode, one device is allowed for the access VLAN, and one
IP phone is allowed for the voice VLAN.

In multihost mode, only one IEEE 802.1x supplicant is allowed on the port, but an unlimited number
of non-IEEE 802.1x hosts are allowed on the access VLAN. An unlimited number of devices are
allowed on the voice VLAN.
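
The per-port limits above can be checked against a saved running-config. The following Python audit is an added example, not taken from the Cisco guide: it parses a constructed sample configuration and reports, for each 802.1x-controlled port, the device limits listed above. The interface keywords (authentication port-control auto, authentication host-mode, mab, switchport voice vlan) and the single-host default are assumptions based on standard Cisco IOS syntax and do not appear on this page.

```python
# Constructed sample config (not from the guide). Interface keywords are
# standard Cisco IOS syntax, assumed here; check them against your release.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport voice vlan 20
 authentication port-control auto
!
interface GigabitEthernet1/0/2
 authentication host-mode multi-host
 authentication port-control auto
 mab
!
interface GigabitEthernet1/0/3
 switchport voice vlan 20
 authentication host-mode multi-domain
 authentication port-control auto
!
interface GigabitEthernet1/0/4
 switchport mode access
"""
UNLIMITED = float("inf")
# Host mode -> (access VLAN limit, voice VLAN limit), per the guideline above.
LIMITS = {"single-host": (1, UNLIMITED), "multi-domain": (1, 1),
          "multi-host": (UNLIMITED, UNLIMITED)}

def parse_interfaces(config):
    """Map each interface name to its list of stripped sub-commands."""
    ports, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return ports

def audit(config):
    """Report device limits for every 802.1x-controlled port."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        if "authentication port-control auto" not in cmds:
            continue  # port is not under 802.1x control
        modes = [c.split()[-1] for c in cmds if c.startswith("authentication host-mode")]
        mode = modes[0] if modes else "single-host"  # assumed IOS default
        access, voice = LIMITS.get(mode, (None, None))  # None: mode not covered
        has_voice = any(c.startswith("switchport voice vlan ") for c in cmds)
        report[name] = {"mode": mode, "access_limit": access, "mab": "mab" in cmds,
                        "voice_limit": voice if has_voice else 0}
    return report
```

Call audit() on the text of a saved running-config; a port whose access_limit is unlimited is a multihost port, where non-IEEE 802.1x hosts are allowed on the access VLAN alongside the one supplicant.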
