Product guide

ManualsBrandsProCurve ManualsComputer equipment6200yl

471

472

473

474

475

476

477

478

479

480

13-24

Configuring Port-Based and User-Based Access Control (802.1X)

Configuring Switch Ports as 802.1X Authenticators

7. Optional: Configure 802.1X Controlled Directions

After you enable 802.1X authentication on specified ports, you can use the aaa

port-access controlled-directions command to configure how a port transmits

traffic before it successfully authenticates a client and enters the authenti-

cated state.

As documented in the IEEE 802.1X standard, an 802.1X-aware port that is

unauthenticated can control traffic in either of the following ways:

■ In both ingress and egress directions by disabling both the reception of

incoming frames and transmission of outgoing frames

■ Only in the ingress direction by disabling only the reception of incoming

frames.

Prerequisite. As documented in the IEEE 802.1X standard, the disabling of

incoming traffic and transmission of outgoing traffic on an 802.1X-aware

egress port in an unauthenticated state (using the aaa port-access controlled-

directions in command) is supported only if:

■ The port is configured as an edge port in the network using the spanning-

tree edge-port command.

■ The 802.1s Multiple Spanning Tree Protocol (MSTP) or 802.1w Rapid

Spanning Tree Protocol (RSTP) is enabled on the switch. MSTP and RSTP

improve resource utilization while maintaining a loop-free network.

For information on how to configure the prerequisites for using the aaa port-

access controlled-directions in command, see Chapter 4, “Multiple Instance

Spanning-Tree Operation” in the Advanced Traffic Management Guide.

Wake-on-LAN Traffic

The Wake-on-LAN feature is used by network administrators to remotely

power on a sleeping workstation (for example, during early morning hours to

perform routine maintenance operations, such as patch management and

software updates).

Syntax: aaa port-access <port-list > controlled-directions <both | in>

both (default): Incoming and outgoing traffic is blocked on

an 802.1X-aware port before authentication occurs.

in: Incoming traffic is blocked on an 802.1X-aware port

before authentication occurs. Outgoing traffic with

unknown destination addresses is flooded on

unauthenticated 802.1X-aware ports.