Access Security Guide K/KA/KB.15.15

aaa port-access <port-list> controlled-direction <both | in>
both (default): Incoming and outgoing traffic is blocked on an 802.1X-aware port before
authentication occurs.
in: Incoming traffic is blocked on an 802.1X-aware port before authentication occurs. Outgoing
traffic with unknown destination addresses is flooded on unauthenticated 802.1X-aware ports.
Wake-on-LAN Traffic
The Wake-on-LAN feature is used by network administrators to remotely power on a sleeping
workstation (for example, during early morning hours to perform routine maintenance operations,
such as patch management and software updates).
The aaa port-access controlled-direction in command allows Wake-on-LAN traffic
to be transmitted on an 802.1X-aware egress port that has not yet transitioned to the 802.1X
authenticated state; the controlled-direction both setting prevents Wake-on-LAN traffic from
being transmitted on an 802.1X-aware egress port until authentication occurs.
NOTE: Although the controlled-direction in setting allows Wake-on-LAN traffic to traverse the
switch through unauthenticated 802.1X-aware egress ports, it does not guarantee that the
Wake-on-LAN packets will arrive at their destination. For example, firewall rules on other network
devices and VLAN rules may prevent these packets from traversing the network.
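The following audit script is an added example, not part of the guide or of the switch software. It lists the ports set to controlled-direction in, which pass outgoing traffic before 802.1X authentication. It assumes the saved configuration contains lines in the command syntax shown above and that a later line for a port overrides an earlier one; the sample configuration and port names are constructed.

```python
import re

# Constructed sample config (not from the guide). Lines follow the command
# syntax shown above; the port names are made up for illustration.
SAMPLE_CONFIG = """\
aaa port-access authenticator A1-A6,B2
aaa port-access A1-A3 controlled-direction in
aaa port-access B2 controlled-direction both
aaa port-access A2 controlled-direction both
"""

CMD = re.compile(r"^aaa port-access (\S+) controlled-direction (both|in)\s*$")
RANGE = re.compile(r"^([A-Za-z]*)(\d+)-([A-Za-z]*)(\d+)$")

def expand_ports(port_list):
    """Expand a list such as 'A1-A3,B2' into ['A1', 'A2', 'A3', 'B2']."""
    ports = []
    for item in port_list.split(","):
        m = RANGE.match(item)
        if not m:
            ports.append(item)  # single port, e.g. 'B2' or '7'
            continue
        prefix, lo, end_prefix, hi = m.group(1), int(m.group(2)), m.group(3), int(m.group(4))
        # Ranges spanning two slots (e.g. A1-B2) are not handled here.
        if end_prefix not in ("", prefix) or hi < lo:
            raise ValueError(f"unsupported port range: {item}")
        ports.extend(f"{prefix}{n}" for n in range(lo, hi + 1))
    return ports

def controlled_direction(config):
    """Return {port: 'both' | 'in'} for ports named in the config.
    Assumption: a later line for the same port overrides an earlier one."""
    state = {}
    for line in config.splitlines():
        m = CMD.match(line.strip())
        if m:
            for port in expand_ports(m.group(1)):
                state[port] = m.group(2)
    return state

def egress_open_ports(config):
    """Ports that pass outgoing traffic (Wake-on-LAN, unknown-destination
    floods) before 802.1X authentication, i.e. controlled-direction in."""
    return sorted(p for p, d in controlled_direction(config).items() if d == "in")

if __name__ == "__main__":
    for port in egress_open_ports(SAMPLE_CONFIG):
        print(f"{port}: controlled-direction in (egress not blocked pre-authentication)")
```

Ports that never appear in a controlled-direction line are not reported, since both is the default.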
Setting Up and Configuring 802.1X Open VLAN Mode
Preparation
This section assumes use of both the Unauthorized-Client and Authorized-Client VLANs.
464 Port-Based and User-Based Access Control (802.1X)