34. 802.1X Port-Based AuthenticationMN700004 Rev 01 362Table 34-1 802.1X Supplicant ModesM o d e D e s c r i p t i o nSingle Host Only one supplicant may be authorized on a port. If several supplicantsrequest authorization, the first one that authenticates successfully isauthorized, and all the others are rejected without trying toauthenticate them. This is the default supplicant mode.Multiple Hosts More than one supplicant can be authorized on a port. The first onethat authenticates successfully unlocks the port and the othersupplicants have full access to the device services.Multiple Hosts/Per MACmodeMore than one supplicant can be authorized on a port. Each supplicantis authenticated individually. You can set a maximum number ofsupplicants per port. When this limit is reached, new supplicants arerejected without trying to authenticate them. The default setting forthis supplicant mode is no maximum limit.NOTE 802.1X supplicant modes can be set per port.Traffic Modes802.1X supports two traffic modes: Bi-directional traffic control and Unidirectional trafficcontrol. The table below shows the 802.1X traffic modes.Table 34-2 802.1X Traffic ModesM o d e D e s c r i p t i o nBi-directional trafficcontrolUnauthorized supplicants on locked ports have neither incoming noroutgoing traffic. This is the default traffic mode.Unidirectional trafficcontrolUnauthorized supplicants on locked ports have only incoming traffic.All outgoing traffic is rejected.NOTE 802.1X traffic modes are set globally on the switch.Ports in Authorized and Unauthorized StatesThe switch port state determines whether or not the supplicant is granted access to thenetwork. The port starts in the unauthorized state. While in this state, the port disallows allingress and egress traffic except for 802.1X protocol packets. When a supplicant is
