port-access onboarding-method concurrent
Syntax
port-access onboarding-method concurrent <enable | disable>
Description
Configures all methods to start concurrently for faster onboarding process. If authentication priority is not configured when enabling concurrent onboarding, the priority will be 802.1x followed by mac-auth and device-profile.
Default priority for concurrent onboarding is 802.1x followed by mac-auth and device-profile.
When enabling concurrent onboarding on the port, existing clients will be de-authenticated and freshly onboarded concurrently.
When concurrent onboarding is enabled, then auth-precedence will be ignored.
If concurrent onboarding is configured, the client will stay in pre-auth role till it gets succeeded by one authentication method or gets failed by all the authentication methods.
When the authentication method with the highest priority fails, the profile of the next successful authentication method is applied.
If all methods fail, the reject or critical role is applied based on the 802.1X authentication failure reason and continues to reauthenticate with the 802.1X method.
Reauthentication will be triggered for all high priority methods and not just the final successful authentication method.
Some RADIUS server may block the client when it receives two requests, mac-auth and 802.1X, from the same client at the same time. This is because the RADIUS server allows only one authentication request. In such cases, concurrent onboarding is not feasible. To prevent such scenarios, configure auth-precedence with auth-priority.
Command context
config-if
Parameters
enable
Enable clients to be onboarded concurrently.
disable
Disable clients to be onboarded concurrently.
Authority
Administrators or local user group members with execution rights for this command.
Examples
On the 6400 Switch Series, interface identification differs.
Enabling concurrent onboarding on a port:
Disabling concurrent onboarding on a port:
Sample configuration: