Configure 802.1X controlled direction (optional)

After you enable 802.1X authentication on specified ports, you can use the aaa port-access controlled-direction command to configure how a port transmits traffic before it successfully authenticates a client and enters the authenticated state.

As documented in the IEEE 802.1X standard, an 802.1X-aware port that is unauthenticated can control traffic in either of the following ways:

  • In both ingress and egress directions by disabling both the reception of incoming frames and transmission of outgoing frames

  • Only in the ingress direction by disabling only the reception of incoming frames.

Syntax:


aaa port-access <port-list> controlled-direction <both|in>
<port-list>

Specifies the list of ports on which this command will be applied.

both

(default) Specifies that incoming and outgoing traffic is blocked on an 802.1X-aware port before authentication occurs.

in

Specifies that incoming traffic is blocked on an 802.1X-aware port before authentication occurs. Outgoing traffic with unknown destination addresses is flooded on unauthenticated 802.1X-aware ports.