05-27-2020 11:27 AM
Hello All,
I am trying to get individual devices (workstations/laptops etc) to be able to each authenticate via 802.1x (through switch to radius server) using one port. Imagine multiple devices attached to a dummy switch, then the one connection between the dummy switch and the cisco switch, and then cisco switch to radius server.
Multiple-Hosts mode works as it only authenticates one device and the rest are let on without using 802.1x. This is not what i would like.
I am using Multiple-Sessions mode along with port-security to try and have the switch pass every device to my radius server. Currently it will only pass one device to the Radius server for authentication. All other devices, their request doesn't even reach the Radius server.
With 802.1X, am I allowed only one authenticated device (MAC address) per switchport on the switch?
I have dynamic MAC addressing turned on with the ports allowed to learn enough addresses to cover the usage. Turning off port-security for testing produced no results. I have tried 802.1X with MAC authentication with no joy.
Also, the connection from the Radius server and the cisco switch is fine. Other than this situation, everything works. Really would just like to be able to authenticate multiple devices through just one switch port.
Solved! Go to Solution.
07-15-2020 08:23 AM
I was able to to accomplish this once I updated the firmware. I used multi-sessions mode. In that mode i can authenticate multiple users/devices (filters via mac address) coming into one port against our RADIUS server. The switch tracks everyone via the MAC address and everything works. Thanks all for help!
05-27-2020 05:59 PM
I believe what you are referring too is multi authentication host mode. Each device must authenticate separately for access and can have multiple devices on one port dot1x is enforced.
05-28-2020 05:05 AM
Thank you for the reply!
Ok, on the switch (SG500X) i do not see that available, the firmware is old though. I will try this and get back with results/mark solved. Thanks again!
05-28-2020 05:35 AM
Yes, you are correct that i need to use multi authentication. Unfortunately, it does not seem to be supported by the switch. Will get with cisco to confirm.
07-15-2020 08:23 AM
I was able to to accomplish this once I updated the firmware. I used multi-sessions mode. In that mode i can authenticate multiple users/devices (filters via mac address) coming into one port against our RADIUS server. The switch tracks everyone via the MAC address and everything works. Thanks all for help!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide