Allied Telesis AT-S63 User Manual
Page 359

AT-S63 Management Software Web Browser User’s Guide
Section VI: Port Security
359
Supplicant Mode
Sets the supplicant mode of an authenticator port. The possible 
settings are:
Single: Configures the authenticator port to accept only one 
authentication. This mode should be used together with the piggy-
back mode. When an authenticator port is set to the Single mode 
and the piggy-back mode is disabled, only the one client who is 
authenticated can use the port. Packets from or to other clients on 
the port are discarded. If piggy-back mode is enabled, other clients 
can piggy-back onto another client’s authentication and so be able 
to use the port.
Multiple: Configures the port to accept up to 20 authentications. 
Every client using an authenticator port in this mode must have a 
username and password combination.
Port Control
The possible settings are:
Auto - Activates 802.1x port-based authentication and causes the port 
to begin in the unauthorized state, allowing only EAPOL frames to be 
sent and received through the port. The authentication process begins 
when the link state of the port changes or the port receives an EAPOL-
Start packet from a supplicant. The switch requests the identity of the 
client and begins relaying authentication messages between the client 
and the authentication server. This is the default setting.
Force-authorized - Disables IEEE 802.1X port-based authentication 
and causes the port to transition to the authorized state without any 
authentication exchange required. The port transmits and receives 
normal traffic without 802.1x-based authentication of the client. 
Note
A supplicant connected to an authenticator port set to force-
authorized must have 802.1x client software if the port’s 
authenticator mode is 802.1x. Though the force-authorized setting 
prevents an authentication exchange, the supplicant must still have 
the client software to forward traffic through the port.
Force-unauthorized - Causes the port to remain in the unauthorized 
state, ignoring all attempts by the client to authenticate. The switch 
cannot provide authentication services to the client through the 
interface
Max Requests 
Specifies the maximum number of times that the switch retransmits an 
EAP Request packet to the client before it times out the authentication 
session. The default value for this parameter is 2 retransmissions. The 
range is 1 to 10 retransmissions.
