Allied Telesis AT-S63 User Manual
Page 577
AT-S63 Management Software Menus User’s Guide
Section VIII: Port Security
577
specified in the initial authentication, regardless of the VLAN
assignments of subsequent authentications.
C - Control Direction
This parameter specifies how the port handles ingress and egress
broadcast and multicast packets when in the unauthorized state. When
a port is set to the authenticator role, it remains in the unauthorized
state until a client logs on by providing a username and password
combination. In the unauthorized state, the port only accepts EAP
packets from the client. All other ingress packets that the port might
receive from the client, including multicast and broadcast traffic, is
discarded until the supplicant has logged in. The options are:
Ingress: A port, when in the unauthorized state, discards all
ingress broadcast and multicast packets from the client, but
forwards all egress broadcast and multicast traffic to the same
client.
Both: A port, when in the unauthorized state, does not forward
ingress or egress broadcast and multicast packets from or to the
same client until the client logs in. This is the default.
Note
This parameter is only available when the authenticator’s mode is
set to Single. When set to Multiple, a port does not forward ingress
or egress broadcast or multicast packets until at least one client has
logged on.
D - Piggyback Mode
This parameter controls who can use the switch port in cases where
there are multiple clients using the port (e.g., the switch port is
connected to an Ethernet hub). If set to enabled, the port allows all
clients on the port to piggy-back onto the initial client’s authentication,
forwarding all packets after one client is authenticated. If set to
Disabled, the switch port forwards only those packets from the client
who is authenticated and discards packets from all other users.
Note
This parameter is only available when the authenticator’s mode is
set to Single.
E - Guest VLAN
This parameter specifies the name or VID of a Guest VLAN. The
authenticator port is a member of a Guest VLAN when no supplicant is
logged on. Clients do not log on to access a Guest VLAN. To remove a
Guest VLAN without assigning a new one, enter “none”.
7. Repeat this procedure starting with Step 4 to configure additional
authenticator ports on the switch.