Allied Telesis AT-S63 User Manual

Chapter 34: 802.1x Port-based Network Access Control Commands

Section VIII: Port Security

both

An authenticator port, when in the unauthorized state, does not forward ingress or egress broadcast and multicast packets from or to the client until the client has logged on.

This parameter is only available when the
authenticator’s operating mode is set to single. When
set to multiple, an authenticator port does not forward
ingress or egress broadcast or multicast packets until
at least one client has logged on.

piggyback

Controls who can use the switch port in cases where there are multiple clients using the port, for example the port is connected to an Ethernet hub. This parameter is applicable when the authenticator’s operating mode is set to single. The options are:

enabled

Allows all clients on the port to piggyback onto the initial client’s authentication, causing the port to forward all packets after one client is authenticated. This is the default setting.

disabled

Specifies that the switch port forward
only those packets from the client who is
authenticated and discard packets from
all other users.

guestvlan

Specifies the name or VID of a Guest VLAN. The
authenticator port is a member of a Guest VLAN when
no supplicant is logged on. Clients do not log on to
access a Guest VLAN.

If an authenticator port where a Guest VLAN has been
defined starts to receive EAPOL packets, signalling that
a supplicant is logging on, it changes to the
unauthorized state and moves from the Guest VLAN to
its predefined VLAN. The port remains in the
unauthorized state until the log on process between the
supplicant and the RADIUS server is completed.

The options are:

vlan-name

Specifies the name of the Guest VLAN.

vlan-id

Specifies the VID of the Guest VLAN.

none

Removes a predefined Guest VLAN from an authenticator port.
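
The following Python model is an added illustration, not part of the AT-S63 software or of this manual's command set. It traces how the piggyback and guestvlan settings described above decide whether a data frame is forwarded on a single-mode authenticator port; the class, method, VLAN names and MAC addresses are hypothetical, and EAPOL and broadcast handling are not modeled.

```python
from dataclasses import dataclass, field
from typing import Optional, Set


@dataclass
class AuthenticatorPort:
    """Model of one authenticator port in single operating mode (hypothetical names)."""
    port_vlan: str                      # the port's predefined VLAN
    piggyback: bool = True              # "enabled" is the default per the manual
    guest_vlan: Optional[str] = None    # None models the "none" option
    eapol_seen: bool = False
    authenticated: Set[str] = field(default_factory=set)

    def on_eapol(self) -> None:
        # EAPOL packets signal that a supplicant is logging on: the port
        # leaves the Guest VLAN and becomes unauthorized.
        self.eapol_seen = True

    def on_auth_success(self, mac: str) -> None:
        # Logon between the supplicant and the RADIUS server completed.
        self.authenticated.add(mac)

    def state(self) -> str:
        if self.authenticated:
            return "authorized"
        if self.guest_vlan and not self.eapol_seen:
            return "guest"
        return "unauthorized"

    def forward(self, src_mac: str) -> Optional[str]:
        """Return the VLAN a data frame is forwarded in, or None if discarded."""
        st = self.state()
        if st == "guest":
            return self.guest_vlan      # no logon needed for the Guest VLAN
        if st == "unauthorized":
            return None
        if self.piggyback or src_mac in self.authenticated:
            return self.port_vlan
        return None                     # piggyback disabled, sender not authenticated


def hub_scenario(piggyback: bool) -> list:
    """Two constructed clients behind a hub; only client_a logs on."""
    client_a, client_b = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"  # constructed MACs
    port = AuthenticatorPort("Sales", piggyback=piggyback, guest_vlan="Guest")
    seen = [port.forward(client_b)]      # before any logon: Guest VLAN
    port.on_eapol()
    seen.append(port.forward(client_b))  # logon in progress: discarded
    port.on_auth_success(client_a)
    seen += [port.forward(client_a), port.forward(client_b)]
    return seen
```

With the default setting the last entry shows the client that never logged on being forwarded in the port's predefined VLAN; with piggyback disabled its frames are discarded.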