How 802.1x multiple client authentication works

When multiple clients are connected to a single 802.1x-enabled port on a router (as in Authentication of multiple clients connected to the same port), 802.1x authentication is performed in the following ways.

  1. One of the 802.1x-enabled clients attempts to log into a network in which a device serves as an Authenticator.
  2. The device performs 802.1x authentication for the client. Messages are exchanged between the device and the client, and between the device and the Authentication Server (RADIUS server). The result of this process is that the client is either successfully authenticated or not authenticated, based on the username and password supplied by the client.
  3. If the client is successfully authenticated, traffic from the client is forwarded normally.
  4. When the client disconnects from the network, the device marks the client as unauthorized and the status is displayed in the output of show dot1x session-info command with the interface ethernet options. This does not affect the authentication status (if any) of the other clients connected on the port.