Allied Telesis AT-S79 User Manual
Page 132

Chapter 10: 802.1x Port-based Network Access Control
132
Section I: Using the Menus Interface
Force-unauthorized - Places the port in the unauthorized state, 
ignoring all attempts by the client to authenticate. This port control 
setting blocks all users from accessing the network through the port 
and is similar to disabling a port and can be used to secure a port from 
use. The port continues to forward EAPOL packets, but discards all 
other packets, including multicast and broadcast packets.
Force-authorized - Disables IEEE 802.1x port-based authentication 
and causes the port to transition to the authorized state without any 
authentication exchange required. The port transmits and receives 
normal traffic without 802.1x-based authentication of the client. This is 
the default setting. Use this port control setting for those ports where 
there are network devices that are not to be authenticated.
Figure 34 illustrates the concept of the authenticator port control settings.
Figure 34. Example of the Authenticator Role
Port 2 is set to Auto. The end node connected to the port must use its 
802.1x client software and provide a username and password to send 
or receive traffic from the switch.
Port 18 is set to the Force-authorized setting so that the end node 
connected to the port does not have to provide a user name or 
password to send or receive traffic from the switch. In the example, the 
node is the RADIUS authentication server. Since the server cannot 
authenticate itself, its port must be set to Force-authorized in order for 
it to pass traffic through the port.
Port 23 is set to Force-unauthorized to prevent anyone for using the 
port. 
RADIUS
Authentication
Server
Supplicant with
802.1x Client
Software
Port 2
802.1x Port Control
Setting: Auto
Port 18
802.1x Port Control:
Setting: Force-authorized
Port 23
802.1x Port Control:
Setting: Force-unauthorized
