Working with Multiple Devices
The operation described in the previous section is the default on all Cisco Catalyst
switches, and it is called single-authentication (single-auth) mode. Single-auth mode is, in
effect, when 802.1X is enabled on any port through the following configuration:
dot1x port-control auto
Single-Auth Mode
Single-auth mode works the same way when hubs are used, and the same rules apply as
when a supplicant is connected directly to the authenticator. For example, with the default
mode in place, after a MAC address is authenticated and added to the Layer 2 table, any
other host appearing on the port causes a security violation. As a result, the system is not
compromised if a hub is attached to a switch port. If hubs are a requirement in an 802.1X
network, you must understand the difference between a hub and a switch. By design,
switches that comply with 802.1D discard EAPOL frames. The MAC address
0180.c200.0003, reserved for 802.1X, is also one of the 16 addresses reserved by IEEE
802.1D in the BPDU block. Devices that comply with 802.1D cannot forward frames sent
to addresses in the BPDU block. For this reason, the topology only works if the device is a
hub or transceiver, as Figure 17-5 shows.
Figure 17-5 802.1X Frames Not Bridgeable by a Switch
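The forwarding rule described above can be checked per frame. The following is an added example, not code from the original text: it parses an Ethernet II header and reports whether a hub or an 802.1D-compliant bridge would pass the frame. The function names and both sample frames are constructed for illustration; the EtherType 0x888E for EAPOL is standard, and the addresses come from the text and Figure 17-5.

```python
import struct

EAPOL_ETHERTYPE = 0x888E                         # IEEE 802.1X (EAP over LAN)
PAE_GROUP_ADDR = bytes.fromhex("0180c2000003")   # 802.1X destination named in the text
RESERVED_PREFIX = bytes.fromhex("0180c20000")    # 01-80-C2-00-00-00 .. 01-80-C2-00-00-0F

def parse_mac(text):
    """Accept Cisco dotted (0180.c200.0003), hyphen or colon notation."""
    digits = text.replace(".", "").replace("-", "").replace(":", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)

def in_reserved_block(mac):
    """True for the 16 addresses 802.1D reserves (last octet 0x00-0x0F)."""
    return mac[:5] == RESERVED_PREFIX and mac[5] <= 0x0F

def classify(frame):
    """Parse an Ethernet II header and report how intermediate devices treat it."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {
        "src": src.hex("-"),
        "dst": dst.hex("-"),
        "is_eapol": ethertype == EAPOL_ETHERTYPE,
        "to_pae_group": dst == PAE_GROUP_ADDR,
        # A hub or transceiver repeats every frame; an 802.1D-compliant bridge
        # must not forward frames addressed to the reserved block.
        "passes_hub": True,
        "passes_8021d_bridge": not in_reserved_block(dst),
    }

def build_frame(dst, src, ethertype, payload=b""):
    """Assemble a minimal Ethernet II frame from textual MAC addresses."""
    return parse_mac(dst) + parse_mac(src) + struct.pack("!H", ethertype) + payload

# Constructed sample frames (not captured traffic).
# EAPOL payload: version 1, type 1 (EAPOL-Start), body length 0.
EAPOL_START = build_frame("0180.c200.0003", "ab-cd-ef-12-34-56", 0x888E, b"\x01\x01\x00\x00")
IPV4_UNICAST = build_frame("00:11:22:33:44:55", "ab-cd-ef-12-34-56", 0x0800)

if __name__ == "__main__":
    for name, frame in (("EAPOL-Start", EAPOL_START), ("IPv4 unicast", IPV4_UNICAST)):
        print(name, classify(frame))
```
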
Operationally, single-auth mode is a perceived benefit of any 802.1X deployment, because
it mitigates the deployment of rogue devices, such as hubs.
[Figure 17-5 labels: ab-cd-ef-12-34-56; X; DA = 01-80-c2-00-00-03]