When multiple clients are connected to a single 802.1x-enabled port on a router (as in
Authentication of multiple clients connected to the same port), 802.1x authentication is performed in the following ways.
-
One of the 802.1x-enabled clients attempts to log into a network in which a device serves as an Authenticator.
-
The device performs 802.1x authentication for the client. Messages are exchanged between the device and the client, and between the device and the Authentication Server (RADIUS server). The result of this process is that the client is either successfully authenticated or not authenticated, based on the username and password supplied by the client.
-
If the client is successfully
authenticated, traffic from the client is forwarded normally.
-
When the client disconnects
from the network, the device marks the client as unauthorized and the status is
displayed in the output of show dot1x
session-info command with the interface
ethernet options. This does not affect the authentication
status (if any) of the other clients connected on the port.
