Allied Telesis AT-S63 User Manual
Page 630

Chapter 34: 802.1x Port-based Network Access Control Commands
630
Section VIII: Port Security
both
An authenticator port, when in the
unauthorized state, does not forward 
ingress or egress broadcast and multicast 
packets from or to the client until the client 
has logged on.
This parameter is only available when the 
authenticator’s operating mode is set to single. When 
set to multiple, an authenticator port does not forward 
ingress or egress broadcast or multicast packets until 
at least one client has logged on.
piggyback
Controls who can use the switch port in cases where
there are multiple clients using the port, for example the 
port is connected to an Ethernet hub. This parameter is 
applicable when the authenticator’s operating mode is 
set to single. The options are:
enabled
Allows all clients on the port to piggy-
back onto the initial client’s 
authentication, causing the port to 
forward all packets after one client is 
authenticated. This is the default setting.
disabled
Specifies that the switch port forward 
only those packets from the client who is 
authenticated and discard packets from 
all other users.
guestvlan
Specifies the name or VID of a Guest VLAN. The 
authenticator port is a member of a Guest VLAN when 
no supplicant is logged on. Clients do not log on to 
access a Guest VLAN.
If an authenticator port where a Guest VLAN has been 
defined starts to receive EAPOL packets, signalling that 
a supplicant is logging on, it changes to the 
unauthorized state and moves from the Guest VLAN to 
its predefined VLAN. The port remains in the 
unauthorized state until the log on process between the 
supplicant and the RADIUS server is completed.
The options are:
vlan-name Specifies the name of the Guest VLAN.
vlan-id
Specifies the VID of the Guest VLAN.
none
Removes a predefined Guest VLAN from
an authenticator port.
