Controlled directions

Prerequisites
As implemented in 802.1X authentication, the disabling of incoming traffic and transmission of outgoing traffic on a web-based authenticated egress port in an unauthenticated state (using the aaa port-access controlled-directions in command) is supported only if:
  • The 802.1s Multiple Spanning Tree Protocol (MSTP) or 802.1w Rapid Spanning Tree Protocol (RSTP) is enabled on the switch. MSTP and RSTP improve resource utilization while maintaining a loop-free network.

  • The port is configured as an edge port in the network using the spanning-tree edge-port command.
  • For information on how to configure the prerequisites for using the aaa port-access controlled-directions in command, see “Multiple Instance Spanning-Tree Operation” in the advanced traffic management guide for your switch.

  • To display the currently configured controlled directions value for web-based authenticated ports, enter the show port-access web-based config command.

  • The aaa port-access controlled-directions in command allows Wake-on-LAN traffic to be transmitted on a web-based authenticated egress port that has not yet transitioned to the authenticated state; the controlled-directions both setting prevents Wake-on-LAN traffic from being transmitted on a web-based authenticated egress port until authentication occurs. The Wake-on-LAN feature is used by network administrators to remotely power on a sleeping workstation (for example, during early morning hours to perform routine maintenance operations, such as patch management and software updates).

  • Using the aaa port-access controlled-directions in command, you can enable the transmission of Wake-on-LAN traffic on unauthenticated egress ports that are configured for any of the following port-based security features:
    • 802.1X authentication

    • MAC authentication

    • Web-based authentication

    Because a port can be configured for more than one type of authentication to protect the switch from unauthorized access, the last setting you configure with the aaa port-access controlled-directions command is applied to all authentication methods configured on the switch. For information about how to configure and use 802.1X authentication, see Port-Based and User-Based Access Control (802.1X).
  • When a web-based authenticated port is configured with the controlled-directions in setting, eavesdrop prevention is not supported on the port.

Syntax

aaa port-access <port-list> controlled-directions < both | in >

After you enable web-based authentication on specified ports, you can use the aaa port-access controlled-directions command to configure how a port transmits traffic before it successfully authenticates a client and enters the authenticated state.
both (default)
    Incoming and outgoing traffic is blocked on a port configured for web-based authentication before authentication occurs.

in
    Incoming traffic is blocked on a port configured for web-based authentication before authentication occurs. Outgoing traffic with unknown destination addresses is flooded on unauthenticated ports configured for web-based authentication.
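The following is an added configuration example, not taken from this manual, showing the prerequisites and the controlled-directions in setting applied to one port so that Wake-on-LAN frames can reach a sleeping host before the client authenticates. Port A5 is a placeholder, and the global spanning-tree enable and aaa port-access web-based commands are assumed syntax to be checked against your switch's command reference.

```text
; Added example (not from the manual). Port A5 is a placeholder.
; 1. Prerequisite: MSTP/RSTP must be running on the switch (assumed syntax).
switch(config)# spanning-tree

; 2. Prerequisite: the port must be an edge port.
switch(config)# spanning-tree A5 edge-port

; 3. Enable web-based authentication on the port (assumed syntax).
switch(config)# aaa port-access web-based A5

; 4. Allow outgoing traffic while the port is still unauthenticated.
;    Inbound frames stay blocked; outbound frames with unknown destination
;    addresses (a Wake-on-LAN magic packet among them) are flooded to A5.
;    Note: this value is shared by 802.1X, MAC and web-based authentication
;    on the switch, and eavesdrop prevention is not supported with "in".
switch(config)# aaa port-access A5 controlled-directions in

; 5. Verify the controlled-directions value reported for A5 is "in".
switch(config)# show port-access web-based config

; To return to the default, which blocks traffic in both directions until
; authentication (and therefore also blocks Wake-on-LAN):
switch(config)# aaa port-access A5 controlled-directions both
```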