Solved: Difference between 802.1x multi-host and 802.1x multi-auth

mrombouts · ‎12-01-2014

Hi,

This is a bit confusing for me. Does someone has an easy explanation?

What I understand and looked up for the moment (correct me if I'm wrong):

802.1x multi-host: Good for an AP or a phone setup. Port becomes authorized as soon as one client is authenticated. In this situation the AP or the phone. Aftherwards pc's have access without any further 802.1x action.

802.1x multi-auth: Multiple devices are allowed to independently authenticate through the same port. More secure? Is this good for next setup: I have a 802.1x port on the managed 24p switch, but the customer decides to plug in a non-managed 8p cheap switch on his desk where different pc's will be plugged in. So I have a 802.1x port on the Cisco switch connected to a non-managed 8p switch. I suppose 802.1x multi-host configuration is not a secure option here.

I don't know if I am clear enough. Don't hesitate to ask if not.

Thanks for your reply.

Karsten Iwen · ‎12-01-2014

You are right with your understanding.

Multi-Host is a valid solution if a power-user for example is using many VMs on his PC. After authenticating initially, all VMs can communicate with the network.
Multi-Auth is more secure because each MAC address accessing the network is controlled.

A very good overview on 802.1x and the configuration can be found on the Cisco IOS Quick Reference Guide for IBNS.

View solution in original post

Karsten Iwen · ‎12-01-2014

You are right with your understanding.

Multi-Host is a valid solution if a power-user for example is using many VMs on his PC. After authenticating initially, all VMs can communicate with the network.
Multi-Auth is more secure because each MAC address accessing the network is controlled.

A very good overview on 802.1x and the configuration can be found on the Cisco IOS Quick Reference Guide for IBNS.