Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
951
Views
0
Helpful
4
Replies

SG500X 802.1X question. Multiple devices each authenticated using one port....

Go to solution
jvezinat27
Level 1
Level 1

‎05-27-2020 11:27 AM

Hello All,

 

I am trying to get individual devices (workstations/laptops etc) to be able to each authenticate via 802.1x (through switch to radius server) using one port.  Imagine multiple devices attached to a dummy switch, then the one connection between the dummy switch and the cisco switch, and then cisco switch to radius server.

 

Multiple-Hosts mode works as it only authenticates one device and the rest are let on without using 802.1x.  This is not what i would like.

 

I am using Multiple-Sessions mode along with port-security to try and have the switch pass every device to my radius server.  Currently it will only pass one device to the Radius server for authentication.  All other devices, their request doesn't even reach the Radius server.

 

With 802.1X, am I allowed only one authenticated device (MAC address) per switchport on the switch?  

 

I have dynamic MAC addressing turned on with the ports allowed to learn enough addresses to cover the usage.  Turning off port-security for testing produced no results.  I have tried 802.1X with MAC authentication with no joy.

 

Also, the connection from the Radius server and the cisco switch is fine.  Other than this situation, everything works.  Really would just like to be able to authenticate multiple devices through just one switch port.  

 

 

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jvezinat27
Level 1
Level 1
In response to jvezinat27

‎07-15-2020 08:23 AM

I was able to to accomplish this once I updated the firmware.  I used multi-sessions mode.  In that mode i can authenticate multiple users/devices (filters via mac address) coming into one port against our RADIUS server.  The switch tracks everyone via the MAC address and everything works.  Thanks all for help!

View solution in original post

0 Helpful
4 Replies 4

Go to solution
georgehewittuk1
Level 1
Level 1

‎05-27-2020 05:59 PM

I believe what you are referring too is multi authentication host mode. Each device must authenticate separately for access and can have multiple devices on one port dot1x is enforced. 

0 Helpful

Go to solution
jvezinat27
Level 1
Level 1
In response to georgehewittuk1

‎05-28-2020 05:05 AM

Thank you for the reply!

 

Ok, on the switch (SG500X) i do not see that available, the firmware is old though.  I will try this and get back with results/mark solved.  Thanks again!

0 Helpful

Go to solution
jvezinat27
Level 1
Level 1
In response to georgehewittuk1

‎05-28-2020 05:35 AM

Yes, you are correct that i need to use multi authentication.  Unfortunately, it does not seem to be supported by the switch.  Will get with cisco to confirm.

0 Helpful

Go to solution
jvezinat27
Level 1
Level 1
In response to jvezinat27

‎07-15-2020 08:23 AM

I was able to to accomplish this once I updated the firmware.  I used multi-sessions mode.  In that mode i can authenticate multiple users/devices (filters via mac address) coming into one port against our RADIUS server.  The switch tracks everyone via the MAC address and everything works.  Thanks all for help!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card