Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
OL_28738-01
Chapter 2 Cisco IOS Commands for the Catalyst 4500 Series Switches
authentication control-direction
To change the port control to unidirectional or bidirectional, use the authentication control-direction
command in interface configuration mode. To return to the default setting, use the no form of this
command.
authentication control-direction {both | in}
no authentication control-direction
Syntax Description
Command Default both
Command Modes Interface configuration mode
Usage Guidelines The authentication control-direction command replaces the following dot1x command, which is
deprecated in Cisco IOS Release 12.2(50)SG and later releases:
dot1x control-direction {both | in}
The IEEE 802.1X standard defines a client-server-based access control and authentication protocol that
restricts unauthorized devices from connecting to a LAN through publicly accessible ports.
IEEE 802.1X controls network access by creating two distinct virtual access points at each port. One
access point is an uncontrolled port; the other is a controlled port. All traffic through the single port is
available to both access points. IEEE 802.1X authenticates each user device that connects to a switch
port and assigns the port to a VLAN before making available any services that are offered by the switch
or the LAN. Until the device authenticates, 802.1X access control allows only Extensible Authentication
Protocol (EAP) over LAN (EAPOL) traffic through the port to which the device connects. After
authentication succeeds, normal traffic can pass through the port.
• Unidirectional state—When you configure a port as unidirectional with the
dot1x control-direction interface configuration command, the port changes to the spanning-tree
forwarding state.
When the unidirectional controlled port is enabled, the connected host is in sleeping mode or
power-down state. The host does not exchange traffic with other devices in the network. If the host
connected to the unidirectional port cannot send traffic to the network, the host can only receive
traffic from other devices in the network.
• Bidirectional state—When you configure a port as bidirectional with the dot1x control-direction
interface configuration command, the port is access-controlled in both directions. In this state, the
switch port sends only EAPOL.
Using the both keyword or using the no form of this command changes the port to its bidirectional
default setting.
Setting the port as bidirectional enables 802.1X authentication with Wake-on-LAN (WoL).
both Enables bidirectional control on the port.
in Enables unidirectional control on the port.
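
The following Python audit is an added example, not part of the Cisco reference. It reads configuration text and reports, for each interface, the control direction that results from the syntax above (default both, in for unidirectional, the no form restoring the default) and whether the deprecated dot1x form is used. The sample configuration, interface names, and function names are constructed for illustration.

```python
import re

# Constructed configuration text; the interface names are made up for the example.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 authentication control-direction in
!
interface GigabitEthernet1/2
 dot1x control-direction in
!
interface GigabitEthernet1/4
 description no control-direction line, so the default applies
!
interface GigabitEthernet1/5
 authentication control-direction in
 no authentication control-direction
!
"""

# Matches both command families named on the page, with or without the "no" form.
CMD = re.compile(r"^(no\s+)?(authentication|dot1x)\s+control-direction(?:\s+(both|in))?$")

def audit_control_direction(config_text):
    """Map each interface to its resulting direction and deprecated-syntax use."""
    ports, current = {}, None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            ports[current] = {"direction": "both", "deprecated": False}  # Command Default
        elif not line.startswith(" "):
            current = None  # "!" or a global command ends the interface block
        elif current is not None:
            m = CMD.match(line.strip())
            if m is None:
                continue
            negated, family, keyword = m.groups()
            if family == "dot1x":
                ports[current]["deprecated"] = True  # replaced by the authentication form
            if negated:
                ports[current]["direction"] = "both"  # no form returns to the default
            elif keyword:
                ports[current]["direction"] = keyword  # later lines override earlier ones
    return ports

def unidirectional_ports(config_text):
    """Interfaces left with unidirectional ("in") control."""
    state = audit_control_direction(config_text)
    return sorted(port for port, v in state.items() if v["direction"] == "in")
```

Calling unidirectional_ports(SAMPLE_CONFIG) lists the ports that remain in the unidirectional state, which are the ones to compare against the intended port policy.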