Web and MAC Authentication

Configuring Web Authentication

Syntax: aaa port-access <port-list> controlled-directions <both in>

Continued

Notes:

For information on how to configure the prerequisites for using the aaa port-accesscontrolled-directions in command, see Chapter 4, “Multiple Instance Spanning-Tree Operation” in the Advanced Traffic Management Guide.

To display the currently configured Controlled Directions value for web-authenticated ports, enter the show port-accessweb-based config command as shown in Figure 3-4.

The aaa port-access controlled-direction in command allows Wake- on-LAN traffic to be transmitted on a web-authenticated egress port that has not yet transitioned to the authenticated state; the controlled-direction both setting prevents Wake-on-LAN traffic to be transmitted on a web-authenticated egress port until authentication occurs.

The Wake-on-LAN feature is used by network administrators to remotely power on a sleeping workstation (for example, during early morning hours to perform routine maintenance operations, such as patch management and software updates)

Using the aaa port-access controlled-directions in command, you can enable the transmission of Wake-on-LAN traffic on unauthenticated egress ports that are configured for any of the following port-based security features:

802.1X authentication

MAC authentication

Web authentication

Because a port can be configured for more than one type of authentication to protect the switch from unauthorized access, the last setting you configure with the aaa port-access controlled-directions command is applied to all authentication methods configured on the switch.

For information about how to configure and use 802.1X authentica- tion, refer to Chapter 10, “Configuring Port-Based and User-Based Access Control (802.1X)”.

When a web-authenticated port is configured with the controlled- directions in setting, eavesdrop prevention is not supported on the port.

3-23