Allied Telesis AT-S63 User Manual

Chapter 30: 802.1x Port-based Network Access Control Commands

468

10 retransmissions and the default is 2.

ctrldirboth

Specifies how the port is to handle ingress and egress

broadcast and multicast packets when in the
unauthorized state. When a port is set to the
authenticator role, it remains in the unauthorized state
until the client logs on by providing a username and
password combination. In the unauthorized state, the
port accepts only EAP packets from the client. All other
ingress packets that the port might receive from the
client, including multicast and broadcast traffic, is
discarded until the supplicant has logged on.

You can use this selection to control how an

authenticator port handles egress broadcast and
multicast traffic when in the unauthorized state. You
can instruct the port to forward this traffic to the client,
even though the client has not logged on, or you can
have the port discard the traffic.

The options are:

ingress

An authenticator port, when in the

unauthorized state, discards all ingress
broadcast and multicast packets from the
client while forwarding all egress
broadbast and multicast traffic to the same
client. This is the default setting.

both

An authenticator port, when in the

unauthorized state, does not forward
ingress or egress broadcast and multicast
packets from or to the client until the client
has logged on.

reauthenabled

Controls whether the client must periodically
reauthenticate. The options are:

enabled

Specifies that the client must periodically
reauthenticate. This is the default
setting. The time period between
reauthentications is set with the
reauthperiod parameter.

disabled

Specifies that reauthentication by the
client is not required after the initial
authentication. Reauthentication is only
required if there is a change to the status
of the link between the supplicant and
the switch or the switch is reset or power
cycled.