4-21
Web and MAC Authentication
Configuring Web Authentication
Syntax: aaa port-access <port-list > controlled-directions <both | in>
— Continued —
Notes:
■ For information on how to configure the prerequisites for using
the aaa port-access controlled-directions in command, see Chapter 4,
“Multiple Instance Spanning-Tree Operation” in the Advanced
Traffic Management Guide.
■ To display the currently configured Controlled Directions value for
web-authenticated ports, enter the show port-access web-based
config command as shown in Figure 4-4.
■ The aaa port-access controlled-direction in command allows Wake-
on-LAN traffic to be transmitted on a web-authenticated egress
port that has not yet transitioned to the authenticated state; the
controlled-direction both setting prevents Wake-on-LAN traffic to be
transmitted on a web-authenticated egress port until authentica-
tion occurs.
The Wake-on-LAN feature is used by network administrators to
remotely power on a sleeping workstation (for example, during early
morning hours to perform routine maintenance operations, such as
patch management and software updates)
■ Using the aaa port-access controlled-directions in command, you can
enable the transmission of Wake-on-LAN traffic on unauthenticated
egress ports that are configured for any of the following port-based
security features:
• 802.1X authentication
• MAC authentication
• Web authentication
Because a port can be configured for more than one type of authenti-
cation to protect the switch from unauthorized access, the last setting
you configure with the aaa port-access controlled-directions command is
applied to all authentication methods configured on the switch.
For information about how to configure and use 802.1X authentica-
tion, refer to Chapter 13, “Configuring Port-Based and User-Based
Access Control (802.1X)”.
■ When a web-authenticated port is configured with the controlled-
directions in setting, eavesdrop prevention is not supported on the
port.
To Next Page
Loading...
