Allied Telesis AT-S63 User Manual

AT-S63 Management Software Web Browser User’s Guide

Section VI: Port Security

229

Server Timeout

Sets the timer used by the switch to
determine authentication server timeout
conditions. The default value for this
parameter is 30 seconds. The range is 1
to 600 seconds.

Control Direction

Specifies how the port handles ingress
and egress broadcast and multicast
packets when in the unauthorized state.
When a port is set to the Authenticator
role, it remains in the unauthorized state
until the client logs on by providing a
username and password combination. In
the unauthorized state, the port only
accepts EAP packets from the client. All
other ingress packets that the port might
receive from the client, including multicast
and broadcast traffic, are discarded until
the supplicant has logged in. The options
are:

Ingress - A port, when in the unauthorized
state, discards all ingress broadcast and
multicast packets from the client, but
forwards all egress broadcast and
multicast traffic to the same client.

Both - A port, when in the unauthorized
state, does not forward ingress or egress
broadcast and multicast packets from or
to the client until the client logs in. This is
the default.

Piggyback Mode

Controls who can use the switch port in
cases where there are multiple clients
(e.g., the port is connected to an Ethernet
hub). If set to enabled, the port allows all
clients on the port to piggy-back onto the
initial client’s authentication. The port
forwards all packets, regardless of the
client, after one client has been
authenticated. If set to Disabled, the
switch port forwards only those packets
from the client who was authenticated and
discards packets from all other users.

Table 41. 802.1 Authenticator Port Parameters

Parameter

Definition