Allied Telesis AT-S63 User Manual
Page 743
AT-S63 Management Software Menus Interface User’s Guide
Section VII: Port Security
743
On: Specifies that only those supplicants with the same VLAN
assignment as the initial supplicant are authenticated. Supplicants
with a different or no VLAN assignment are denied entry to the
port. This is the default setting.
Off: Specifies that all supplicants, regardless of their assigned
VLANs, are authenticated. However, the port remains in the VLAN
specified in the initial authentication, regardless of the VLAN
assignments of subsequent authentications.
For further information, refer to “Supplicant and VLAN Associations” on
page 729.
C - Control Direction
This parameter specifies how the port handles ingress and egress
broadcast and multicast packets when in the unauthorized state. When
a port is set to the authenticator role, it remains in the unauthorized
state until a client logs on by providing a username and password
combination. In the unauthorized state, the port only accepts EAP
packets from the client. All other ingress packets that the port might
receive from the client, including multicast and broadcast traffic, is
discarded until the supplicant has logged in. The options are:
Ingress: A port, when in the unauthorized state, discards all
ingress broadcast and multicast packets from the client, but
forwards all egress broadcast and multicast traffic to the same
client.
Both: A port, when in the unauthorized state, does not forward
ingress or egress broadcast and multicast packets from or to the
same client until the client logs in. This is the default.
Note
This parameter is only available when the authenticator’s mode is
set to Single. When set to Multiple, a port does not forward ingress
or egress broadcast or multicast packets until at least one client has
logged on.
D - Piggyback Mode
This parameter controls who can use the switch port in cases where
there are multiple clients using the port (e.g., the switch port is
connected to an Ethernet hub). If set to enabled, the port allows all
clients on the port to piggy-back onto the initial client’s authentication,
forwarding all packets after one client is authenticated. If set to
Disabled, the switch port forwards only those packets from the client
who is authenticated and discards packets from all other users.