Controlled direction
After you enable web-based authentication on specified ports, you can use the aaa port-access controlled-direction command to configure how a port transmits traffic before it successfully authenticates a client and enters the authenticated state.
Syntax
aaa port-access <port-list> controlled-direction {both | in}
<port-list>
Specifies the list of ports on which this command will be applied.
both
(default): Specifies that incoming and outgoing traffic is to be blocked on a port configured for web-based authentication before authentication occurs.
in
Specifies that incoming traffic is to be blocked on a port configured for web-based authentication before authentication occurs. Outgoing traffic with unknown destination addresses is flooded on unauthenticated ports configured for web-based authentication.
Usage
To display the currently configured controlled direction value for web-based authenticated ports, enter the show port-access web-based config command.

The aaa port-access controlled-direction in command allows Wake-on-LAN traffic to be transmitted on a web-based authenticated egress port that has not yet transitioned to the authenticated state; the controlled-direction both setting prevents Wake-on-LAN traffic from being transmitted on a web-based authenticated egress port until authentication occurs. The Wake-on-LAN feature is used by network administrators to remotely power on a sleeping workstation (for example, during early morning hours to perform routine maintenance operations, such as patch management and software updates).

Using the aaa port-access controlled-direction in command, you can enable the transmission of Wake-on-LAN traffic on unauthenticated egress ports that are configured for any of the following port-based security features:
- 802.1X authentication
- MAC authentication
- Web-based authentication

The aaa port-access controlled-direction command is applied to all authentication methods configured on the switch. When a web-based authenticated port is configured with the controlled-direction in setting, eavesdrop prevention is not supported on the port.
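
The following audit script is an added example, not vendor code. It reads a saved configuration and lists the ports whose effective setting is controlled-direction in, that is, the ports that transmit egress traffic before authentication and on which eavesdrop prevention is not supported. It assumes a numeric port-list format such as 1-6 or 9,11, assumes that a later line overrides an earlier one for the same port, and uses a constructed sample configuration.

```python
import re

# Matches the syntax documented above:
#   aaa port-access <port-list> controlled-direction {both | in}
LINE_RE = re.compile(
    r"^\s*aaa\s+port-access\s+(\S+)\s+controlled-direction\s+(both|in)\s*$"
)


def expand_ports(port_list):
    """Expand '1-3,7' into [1, 2, 3, 7] (assumed numeric port-list format)."""
    ports = []
    for part in port_list.split(","):
        lo, _, hi = part.partition("-")
        ports.extend(range(int(lo), int(hi or lo) + 1))
    return ports


def controlled_direction(config_text, all_ports):
    """Return {port: 'both' | 'in'} for every port in all_ports."""
    # 'both' is the documented default when no command names the port.
    state = {p: "both" for p in all_ports}
    for line in config_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        for port in expand_ports(m.group(1)):
            if port in state:
                state[port] = m.group(2)  # assumption: the later line wins
    return state


def ports_open_on_egress(config_text, all_ports):
    """Ports set to 'in': egress before auth, no eavesdrop prevention."""
    state = controlled_direction(config_text, all_ports)
    return sorted(p for p, d in state.items() if d == "in")


# Constructed sample configuration, not taken from a real switch.
SAMPLE_CONFIG = """\
hostname "lab-switch"
aaa port-access 1-6 controlled-direction in
aaa port-access 3-4 controlled-direction both
aaa port-access 9,11 controlled-direction in
"""

if __name__ == "__main__":
    for port in ports_open_on_egress(SAMPLE_CONFIG, range(1, 13)):
        print(f"port {port}: controlled-direction in")
```

Compare the reported ports against the list of ports that actually need Wake-on-LAN; any other port can be returned to the default both setting.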