802.1X | 123Multi-Host AuthenticationMulti-Host Authentication is available on platforms: c et s802.1x assumes that a single end-user is connected to a single authenticator port, as shown in Figure 7-15;this one-to-one mode of authentication is called Single-host mode. If multiple end-users are connected tothe same port, a many-to-one configuration, only the first end-user to respond to the identity request isauthenticated. Subsequent responses are ignored, and a system log is generated to indicate reception ofunexpected 802.1x frames. When a port is authorized, the authenticated supplicant MAC address isassociated with the port, and traffic from any other source MACs is dropped.Figure 7-15. Single-host Authentication ModeWhen multiple end-users are connected to a single authenticator port, Single-host mode authenticationdoes not authenticate all end-users, and all but one are denied access to the network. For these cases(Figure 7-16), FTOS offers Multi-host mode authentication.Figure 7-16. Multi-host Authentication ModeWhen Multi-host mode authentication is configured, the first client to respond to an identity request isauthenticated, and subsequent responses are still ignored, but since the authenticator expects the possibilityof multiple responses, no system log is generated. After the first supplicant is authenticated, all end-usersattached to the authorized port are allowed to access the network.If the authorized port becomes unauthorized due to re-authentication failure or the supplicant sends anEAPOL logoff frame, all attached end-users are denied access to the network.End-user Device Force10 switch RADIUS ServerEAP over LAN (EAPOL) EAP over RADIUSEnd-user DevicesForce10 switch RADIUS ServerEAP over LAN (EAPOL) EAP over RADIUS