Cisco Support Community

dot1x authentication multi-host and open doesn't work as expected

Hi everybody.

I'm facing a bit of an issue with dot1x authentication on Cisco IOS 15. My know-how might not be complete in this area (dot1x), so please eventually explain to me what I missed...

Now, the problem is as follows: on a couple of switchports there are some unmanaged 5- or 8-port switches. On all Catalyst switchports, I have the following setup.

interface GigabitEthernet0/2
 description Client-VLAN
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 40
 no logging event link-status
 authentication host-mode multi-host
 authentication open
 authentication order mab
 authentication port-control auto
 mab
 dot1x pae authenticator
 dot1x timeout quiet-period 1
 dot1x timeout server-timeout 2
 dot1x timeout tx-period 1
 spanning-tree portfast
end

When more than 1 client is connected behind the tiny unmanaged switch, only the first one gets network connectivity, the others won't. Looking at the MAC address list of that port, I then see this:

vxs00a2#sh mac address-table int gi0/2
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0020.4a01.7302    DROP        Gi0/2
  10    00e0.c552.99c6    DYNAMIC     Gi0/2
  10    0020.4a01.7317    DROP        Gi0/2
Total Mac Addresses for this criterion: 3

My expectation would be that all 3 devices get connected (Type DYNAMIC) because of the above config statement "authentication host-mode multi-host". Am I wrong with this assumption?

Many thanks for any help/clarifications...

Regards,

Flavio.


Accepted Solutions

Hi

Try #authentication host-mode multi-auth

Maybe it works!!

Regards

Amir


Hi Amir.

I don't need "multi-auth", I need "multi-host", please see:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2950/software/release/12-1_9_ea1/configuration/guide/scg/Sw8021x.html#wp1036333

Any other help/suggestions?

Regards,

F.


I'm a bit confused about your port configuration. Are you using IP-Phones? If so, you have 2 possibilities.

authentication host-mode multi-domain. Means 1 IP-Phone and one PC.

authentication host-mode multi-auth. Means 1 IP-Phone and multiple hosts.

With multi-hosts you can't connect an IP-Phone.

Hope it helps.


Hey everybody.

Indeed the solution has been to use "multi-auth".

Thanks everybody!

F.
