802.1x port-based authentication is supported in two topologies:
- Point-to-point
- Wireless LAN
In a point-to-point configuration, only one client can be connected to
the 802.1x-enabled switch port. The switch detects the client when the port
link state changes to the up state. If a client leaves or is replaced with
another client, the switch changes the port link state to down, and the port
returns to the unauthorized state.
The figure shows 802.1x port-based authentication in a wireless LAN. The 802.1x port is
configured as a multiple-host port that becomes authorized as soon as one
client is authenticated. When the port is authorized, all other hosts
indirectly attached to the port are granted access to the network. If the port
becomes unauthorized, the switch denies access to the network to all of the
attached clients. The port could become unauthorized if re-authentication fails
or an EAPOL-logoff message is received. In this topology, the wireless access
point is responsible for authenticating the clients attached to it, and the
wireless access point acts as a client to the switch.
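
The two topologies differ in who gains access once the port is authorized. The following added example (a simplified model written for this page, not switch code or vendor code) replays the same events against a point-to-point port and a multiple-host port; the class, event and host names are assumptions made for the illustration.

```python
class Dot1xPort:
    """Toy model of the port states described above; not switch firmware."""

    def __init__(self, multiple_hosts):
        self.multiple_hosts = multiple_hosts  # True: wireless LAN, False: point-to-point
        self.link_up = False
        self.authorized = False
        self.client = None  # the client that authenticated to the switch

    def handle(self, event, host=None):
        if event == "link_up":
            self.link_up = True
        elif event == "link_down":
            # Client left or was replaced: port returns to the unauthorized state.
            self.link_up, self.authorized, self.client = False, False, None
        elif event == "auth_success" and self.link_up:
            self.authorized, self.client = True, host
        elif event in ("reauth_fail", "eapol_logoff"):
            # Either event unauthorizes the port for every attached client.
            self.authorized, self.client = False, None

    def has_access(self, host):
        if not (self.link_up and self.authorized):
            return False
        if self.multiple_hosts:
            return True  # one authentication opens the port for all attached hosts
        return host == self.client  # point-to-point: the single connected client


def replay(multiple_hosts, events, hosts):
    """Return (event, hosts with network access) after each event."""
    port = Dot1xPort(multiple_hosts)
    timeline = []
    for event, host in events:
        port.handle(event, host)
        timeline.append((event, sorted(h for h in hosts if port.has_access(h))))
    return timeline


# Constructed sample: the access point is the only client that authenticates to the switch.
EVENTS = [("link_up", None), ("auth_success", "access-point"),
          ("eapol_logoff", "access-point"), ("auth_success", "access-point"),
          ("reauth_fail", "access-point"), ("link_down", None)]
HOSTS = ["access-point", "laptop-a", "laptop-b"]

if __name__ == "__main__":
    for mode in (False, True):
        print("multiple-host" if mode else "point-to-point")
        for event, allowed in replay(mode, EVENTS, HOSTS):
            print(f"  {event:13} -> {allowed}")
```

In the multiple-host run, the switch never sees credentials from the hosts behind the access point, so the access point's own client authentication is the only control protecting that port.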