Operating notes

  • Using the aaa port-access controlled-direction in command, you can enable the transmission of Wake-on-LAN traffic on unauthenticated egress ports that are configured for any of the following port-based security features:
    • 802.1X authentication

    • MAC authentication

    • Web authentication

    Because a port can be configured for more than one type of authentication to protect the switch from unauthorized access, the last setting you configure with the aaa port-access controlled-direction command is applied to all authentication methods configured on the switch. See Web and MAC Authentication.
  • To display the currently configured 802.1X Controlled Direction value, enter the show port-access authenticator config command.

  • When an 802.1X-authenticated port is configured with the controlled-direction in setting, eavesdrop prevention is not supported on the port.

Configuring 802.1X controlled directions shows how to enable the transmission of Wake-on-LAN traffic in the egress direction on an 802.1X-aware port before it transitions to the 802.1X authenticated state and successfully authenticates a client device.

Configuring 802.1X controlled directions

switch(config)# aaa port-access authenticator a10
switch(config)# aaa authentication port-access eap-radius
switch(config)# aaa port-access authenticator active
switch(config)# aaa port-access a10 controlled-direction in