3-22
Web and MAC Authentication
Configuring Web Authentication
Syntax: aaa port-access <port-list > controlled-directions <both | in>
After you enable web-based authentication on specified
ports, you can use the aaa port-access controlled-direc-
tions command to configure how a port transmits
traffic before it successfully authenticates a client and
enters the authenticated state.
both (default): Incoming and outgoing traffic is
blocked on a port configured for web authentication
before authentication occurs.
in: Incoming traffic is blocked on a port configured for
web authentication before authentication occurs. Out-
going traffic with unknown destination addresses is
flooded on unauthenticated ports configured for web
authentication.
Prerequisites: As implemented in 802.1X authentica-
tion, the disabling of incoming traffic and transmis-
sion of outgoing traffic on a web-authenticated egress
port in an unauthenticated state (using the aaa port-
access controlled-directions in command) is supported
only if:
■ The 802.1s Multiple Spanning Tree Protocol
(MSTP) or 802.1w Rapid Spanning Tree Protocol
(RSTP) is enabled on the switch. MSTP and RSTP
improve resource utilization while maintaining a
loop-free network.
The port is configured as an edge port in the network
using the spanning-tree edge-port command.
