Allied Telesis AT-S62 User Manual

Page 669

AT-S62 Management Software Menus Interface User’s Guide

Section VI: Port Security

For additional information, refer to “Supplicant and VLAN Associations”
on page 655.

B - Secure VLAN
This parameter controls how an authenticator port handles the
authentications that follow the initial authentication when VLAN
assignments have been added to the user accounts on the RADIUS
server. This parameter applies only when the port is operating in the
Multiple operating mode. Possible settings are:

• On: Specifies that only those supplicants with the same VLAN
  assignment as the initial supplicant are authenticated. Supplicants
  with a different or no VLAN assignment are denied entry to the
  port. This is the default setting.

• Off: Specifies that all supplicants, regardless of their assigned
  VLANs, are authenticated. However, the port remains in the VLAN
  specified in the initial authentication, regardless of the VLAN
  assignments of subsequent authentications.

For further information, refer to “Supplicant and VLAN Associations” on
page 655.
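
The following added example (not part of the AT-S62 manual or software) models the Secure VLAN rule above to show which supplicants an Off setting admits into a VLAN other than the one RADIUS assigned them. The class, function names, user names and VLAN IDs are hypothetical, and the model assumes RADIUS has already accepted each supplicant's credentials.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class AuthenticatorPort:
    """Hypothetical model of an authenticator port in Multiple mode."""
    secure_vlan: bool = True          # On is the default per the manual
    port_vlan: Optional[int] = None   # fixed by the initial authentication
    admitted: dict = field(default_factory=dict)  # user -> RADIUS-assigned VLAN

    def authenticate(self, user: str, radius_vlan: Optional[int]) -> bool:
        """Apply the Secure VLAN rule to a supplicant RADIUS has accepted."""
        if self.port_vlan is None:
            if radius_vlan is None:
                # This page does not describe that case, so it is not modelled.
                raise ValueError("initial supplicant without a VLAN assignment")
            self.port_vlan = radius_vlan
        elif self.secure_vlan and radius_vlan != self.port_vlan:
            return False  # On: different or missing VLAN assignment is denied
        self.admitted[user] = radius_vlan
        return True

    def vlan_mismatches(self) -> list:
        """Admitted users whose RADIUS VLAN differs from the port's VLAN."""
        return sorted(u for u, v in self.admitted.items() if v != self.port_vlan)


def replay(secure_vlan: bool, logins: list) -> tuple:
    """Replay (user, vlan) logins; return (denied, mismatched, port VLAN)."""
    port = AuthenticatorPort(secure_vlan=secure_vlan)
    denied = [u for u, v in logins if not port.authenticate(u, v)]
    return denied, port.vlan_mismatches(), port.port_vlan


# Constructed sample logins: names and VLAN IDs are illustrative only.
LOGINS = [("alice", 10), ("bob", 10), ("carol", 20), ("dave", None)]

if __name__ == "__main__":
    for setting in (True, False):
        denied, mismatched, vlan = replay(setting, LOGINS)
        print(f"Secure VLAN {'On' if setting else 'Off'}: port VLAN {vlan}, "
              f"denied={denied}, admitted outside assigned VLAN={mismatched}")
```

With Off, the users reported as mismatched are on the port's initial VLAN rather than the VLAN their RADIUS account specifies, which is the condition to review when VLANs are used to separate user groups.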

C - Control Direction
This parameter specifies how the port handles ingress and egress
broadcast and multicast packets when in the unauthorized state. When
a port is set to the authenticator role, it remains in the unauthorized
state until a client logs on by providing a username and password
combination. In the unauthorized state, the port only accepts EAP
packets from the client. All other ingress packets that the port might
receive from the client, including multicast and broadcast traffic, are
discarded until the supplicant has logged in. The options are:

• Ingress: A port, when in the unauthorized state, discards all
  ingress broadcast and multicast packets from the client, but
  forwards all egress broadcast and multicast traffic to the same
  client.

• Both: A port, when in the unauthorized state, does not forward
  ingress or egress broadcast and multicast packets from or to the
  same client until the client logs in. This is the default.

Note

This parameter is only available when the authenticator’s mode is
set to Single. When set to Multiple, a port does not forward ingress
or egress broadcast or multicast packets until at least one client has
logged on.