MultiAuth authentication must be set to multi whenever multiple users of 802.1x need to be authenticated or whenever any non-802.1X authentication method is present. For ports where no authentication is present, such as switch to switch, or switch to router connections, you should also set MultiAuth port mode to force authenticate to assure that traffic is not blocked by a failed authentication. For purposes of this example, we will limit authentication to a maximum of 6 users per port.
The following CLI input:
System(rw)->set multiauth mode multi System(rw)->set multiauth port mode force-auth ge.1.5-7 System(rw)->set multiauth port numusers 6 ge.1.5-7 System(rw)->set multiauth port mode force-auth ge.1.19-24 System(rw)->set multiauth port numusers 6 ge.1.19-24
System(rw)->set multiauth trap system enabled System(rw)->set multiauth trap module enabled
This completes the MultiAuth authentication configuration piece for this example. Keep in mind that you would want to use the set multiauth precedence command, to specify which authentication method should take precedence, should you have a single user configured for multiple authentications on the same port.