Allied Telesis AT-S63 User Manual
Page 740
Chapter 31: 802.1x Port-based Network Access Control
740
Section VII: Port Security
9 - Max Requests
This parameter specifies the maximum number of times that the switch
retransmits an EAP Request packet to the client before it times out the
authentication session. The default value for this parameter is 2
retransmissions. The range is 1 to 10 retransmissions.
A - Control Direction
This parameter specifies how the port handles ingress and egress
broadcast and multicast packets when in the unauthorized state. When
a port is set to the authenticator role, it remains in the unauthorized
state until a client logs on by providing a username and password
combination. In the unauthorized state, the port only accepts EAP
packets from the client. All other ingress packets that the port might
receive from the client, including multicast and broadcast traffic, is
discarded until the supplicant has logged in. The options are:
Ingress - A port, when in the unauthorized state, discards all ingress
broadcast and multicast packets from the client, but forwards all
egress broadcast and multicast traffic to the same client.
Both - A port, when in the unauthorized state, does not forward ingress
or egress broadcast and multicast packets from or to the same client
until the client logs in. This is the default.
Note
This parameter is only available when the authenticator’s mode is
set to Single. When set to Multiple, a port does not forward ingress
or egress broadcast or multicast packets until at least one client has
logged on.
B - Piggyback Mode
This parameter controls who can use the switch port in cases where
there are multiple clients using the port (e.g., the switch port is
connected to an Ethernet hub). If set to enabled, the port allows all
clients on the port to piggy-back onto the initial client’s authentication,
forwarding all packets after one client is authenticated. If set to
Disabled, the switch port forwards only those packets from the client
who is authenticated and discards packets from all other users.
Note
This parameter is only available when the authenticator’s mode is
set to Single. For further information, refer to “Authenticator Ports
with Single and Multiple Supplicants” on page 724.
7. Repeat this procedure starting with Step 4 to configure additional
authenticator ports on the switch.
8. After making changes, type R until you return to the Main Menu. Then
type S to select Save Configuration Changes.