10-27
Configuring Port-Based and User-Based Access Control (802.1X)
Configuring Switch Ports as 802.1X Authenticators
■ The 802.1s Multiple Spanning Tree Protocol (MSTP) or 802.1w Rapid
Spanning Tree Protocol (RSTP) is enabled on the switch. MSTP and RSTP
improve resource utilization while maintaining a loop-free network.
For information on how to configure the prerequisites for using the aaa port-
access controlled-directions in command, see Chapter 4, “Multiple Instance
Spanning-Tree Operation” in the Advanced Traffic Management Guide.
Wake-on-LAN Traffic
The Wake-on-LAN feature is used by network administrators to remotely
power on a sleeping workstation (for example, during early morning hours to
perform routine maintenance operations, such as patch management and
software updates).
The aaa port-access controlled-direction in command allows Wake-on-LAN
traffic to be transmitted on an 802.1X-aware egress port that has not yet
transitioned to the 802.1X authenticated state; the controlled-direction both
setting prevents Wake-on-LAN traffic to be transmitted on an 802.1X-aware
egress port until authentication occurs.
Note Although the controlled-direction in setting allows Wake-on-LAN traffic to
traverse the switch through unauthenticated 802.1X-aware egress ports, it
does not guarantee that the Wake-on-LAN packets will arrive at their destina-
tion. For example, firewall rules on other network devices and VLAN rules
may prevent these packets from traversing the network.
Operating Notes
■ Using the aaa port-access controlled-directions in command, you can enable
the transmission of Wake-on-LAN traffic on unauthenticated egress ports
that are configured for any of the following port-based security features:
• 802.1X authentication
• MAC authentication
• Web authentication
Syntax: aaa port-access <port-list > controlled-directions <both | in>
both (default): Incoming and outgoing traffic is blocked on
an 802.1X-aware port before authentication occurs.
in: Incoming traffic is blocked on an 802.1X-aware port
before authentication occurs. Outgoing traffic with
unknown destination addresses is flooded on
unauthenticated 802.1X-aware ports.
