Configuring 802.1x Port-Based Authentication
Enabling multiple hosts

Multiple hosts can be attached to a single 802.1x-enabled port. In this mode, only one of the attached hosts must be successfully authorized for all hosts to be granted network access. If the port becomes unauthorized, such as in the case that re-authentication fails or an EAPOL-logoff message is received, all attached clients are denied access to the network.

Beginning in privileged EXEC mode, follow these steps to allow multiple hosts on an 802.1x-authorized port that has the dot1x port-control interface configuration command set to auto. The commands used in this process are shown in Figure .

Step 1 Enter global configuration mode.
Step 2 Enter interface configuration mode, and specify the interface to which multiple hosts are indirectly attached.
Step 3 Allow multiple hosts on an 802.1x-authorized port with the dot1x multiple-hosts command. Make sure that the dot1x port-control interface configuration command set is set to auto for the specified interface.
Step 4 Return to privileged EXEC mode.
Step 5 Verify the configuration with the show dot1x interface interface-id command.

To disable multiple hosts on the port, use the no dot1x multiple-hosts interface configuration command.

The example in Figure shows how to enable 802.1x on FastEthernet interface 0/1 and to allow multiple hosts.