Re: Seperate 802.1x Authentication Session & Different User VLAN

dumlutimuralp · ‎01-09-2012

Hi all,

Does Cisco have the support for this ?

What I mean is, a hub is connected to a Cisco switchport (in access port mode).

802.1x is enabled on this port.

User A gets authentincated and gets assigned to VLAN X by Radius Server.

Then User B gets authenticated and gets assigned to VLAN Y by Radius server .

Both users are able to work on different VLANs on the same port ?

Thanks in advance.

camejia · ‎01-09-2012

Hello,

I do not think that is a supported scenario for 802.1x. Cisco Switches support the following modes:

•single-host—Single-host (client) on an IEEE 802.1X-authorized port.

•multi-host—Multiple-hosts on an 802.1X-authorized port after a authenticating a single host.

•multi-domain—Both a host and a voice device (such as an IP phone, Cisco or non-Cisco), to authenticate on an IEEE 802.1X-authorized port.

•multi-auth—Allows multiple hosts and a voice device, such as an IP phone (Cisco or non-Cisco), to be authenticated on an IEEE 802.1x-authorized port. This keyword requires Cisco IOS Release 12.2(50)SG or a later release.

The closest scenario to the one you described is "multi-host", however, the port will get authenticated/authorized as soon as the first client successfully authenticates on the hub. At that point all other connected clients will get "unanthenticated" (the first client was already authenticated) access to the network, therefore, getting the same VLAN ID as the same successfully authenticated client.

Hope this clarifies it.

Regards.

Seperate 802.1x Authentication Session & Different User VLANs Supported on an access port ?