Configure 802.1X controlled direction (optional)

After you enable 802.1X authentication on specified ports, you can use the aaa port-access controlled-direction command to configure how a port transmits traffic before it successfully authenticates a client and enters the authenticated state.

As documented in the IEEE 802.1X standard, an 802.1X-aware port that is unauthenticated can control traffic in either of the following ways:

In both ingress and egress directions by disabling both the reception of incoming frames and transmission of outgoing frames
Only in the ingress direction by disabling only the reception of incoming frames.

Syntax:


aaa port-access <port-list> controlled-direction <both|in>

<port-list>: Specifies the list of ports on which this command will be applied.
both: (default) Specifies that incoming and outgoing traffic is blocked on an 802.1X-aware port before authentication occurs.
in: Specifies that incoming traffic is blocked on an 802.1X-aware port before authentication occurs. Outgoing traffic with unknown destination addresses is flooded on unauthenticated 802.1X-aware ports.