Allied Telesis AT-S63 User Manual

Chapter 33: 802.1x Port-based Network Access Control Commands

432

servtimeout

authentication server timeout conditions. The default

value is 10 seconds. The range is 1 to 60 seconds. The
parameters are equivalent.

maxreq

Specifies the maximum number of times that the

switch retransmits an EAP Request packet to the client
before it times out the authentication session. The
range is 1 to 10 retransmissions and the default is 2.

ctrldirboth

Specifies how the port is to handle ingress and egress

broadcast and multicast packets when in the
unauthorized state. When a port is set to the
authenticator role, it remains in the unauthorized
state until the client logs on by providing a username
and password combination. In the unauthorized state,
the port accepts only EAP packets from the client. All
other ingress packets that the port might receive from
the client, including multicast and broadcast traffic, is
discarded until the supplicant has logged on.

You can use this selection to control how an

authenticator port handles egress broadcast and
multicast traffic when in the unauthorized state. You
can instruct the port to forward this traffic to the
client, even though the client has not logged on, or
you can have the port discard the traffic.

The options are:

ingress

An authenticator port, when in the

unauthorized state, discards all ingress
broadcast and multicast packets from the
client while forwarding all egress
broadbast and multicast traffic to the
same client. This is the default setting.

both

An authenticator port, when in the

unauthorized state, does not forward
ingress or egress broadcast and multicast
packets from or to the client until the
client has logged on.

Description

This command sets ports to the authenticator role and configures the
authenticator role parameters. This command also disables port-based
access control on a port.