Controlled/uncontrolled port and port authorization status
802.1X defines two logical ports for the network access port: controlled port and uncontrolled port. Any packet arriving at the network access port is visible to both logical ports.
Controlled port—Allows incoming and outgoing traffic to pass through when it is in the authorized state, and denies incoming and outgoing traffic when it is in the unauthorized state, as shown in Figure 19. The controlled port is set in the authorized state if the client has passed authentication, and in the unauthorized state, if the client has failed authentication.
Uncontrolled port—Is always open to receive and transmit EAPOL frames.
Figure 19: Authorization state of a controlled port
In the unauthorized state, a controlled port controls traffic in one of the following ways:
Performs bidirectional traffic control to deny traffic to and from the client.
Performs unidirectional traffic control to deny traffic from the client.
The HPE devices support only unidirectional traffic control.