AT-9000 Switch Command Line User’s Guide
Section VIII: Port Security 761
DOT1X CONTROL-DIRECTION
Syntax
dot1x control-direction in|both
Parameters
dir Specifies whether authenticator ports that are in the
unauthorized state should forward egress broadcast
and multicast traffic: The options are:
in Specifies that authenticator ports in the
unauthorized state should forward egress
broadcast and multicast traffic and discard the
ingress broadcast and multicast traffic. This is
the default setting.
both Specifies that authenticator ports in the
unauthorized state should discard both ingress
and egress broadcast and multicast traffic.
Mode
Port Interface mode
Description
Use this command to specify whether the switch should forward or discard
egress broadcast and multicast packets from authenticator ports that are
in the unauthorized state.
Generally, authenticator ports that are in the unauthorized state discard all
ingress and egress traffic, until a client logs on. There are, however, two
exceptions, one of which is the EAP packets that the clients and the
authenticator server exchange during the authentication process. If the
switch discarded these packets on ports that are in the unauthorized state,
clients would never be able to log on.
The other exception concerns broadcast and multicast packets.
Authenticator ports that are in the unauthorized state always discard
ingress packets of these types. However, authenticator ports can be
configured to forward egress broadcast and multicast packets even when
they are in the unauthorized state. This makes it possible for the
unauthorized clients on the ports to receive these packets. This is the
default setting for authenticator ports.
There are two options in this command, representing the two possible
settings. Authenticator ports that are set to the IN option forward egress
To Next Page
Loading...
