Web and MAC Authentication

Configuring Web Authentication

Syntax: aaa port-access <port-list> controlled-directions <both | in>

After you enable web-based authentication on specified ports, you can use the aaa port-access controlled-directions command to configure how a port transmits traffic before it successfully authenticates a client and enters the authenticated state.

both (default): Incoming and outgoing traffic is blocked on a port configured for web authentication before authentication occurs.

in: Incoming traffic is blocked on a port configured for web authentication before authentication occurs. Outgoing traffic with unknown destination addresses is flooded on unauthenticated ports configured for web authentication.

Prerequisites: As implemented in 802.1X authentication, the disabling of incoming traffic and transmission of outgoing traffic on a web-authenticated egress port in an unauthenticated state (using the aaa port-access controlled-directions in command) is supported only if:

The 802.1s Multiple Spanning Tree Protocol (MSTP) or 802.1w Rapid Spanning Tree Protocol (RSTP) is enabled on the switch. MSTP and RSTP improve resource utilization while maintaining a loop-free network.

The port is configured as an edge port in the network using the spanning-tree edge-port command.
