322
• MAC-based access control—Each user is separately authenticated on a port. When a user logs off,
no other online users are affected.
Controlled/uncontrolled port and port authorization status
802.1X defines two logical ports for the network access port: controlled port and uncontrolled port. Any
packet arriving at the network access port is visible to both logical ports.
• Controlled port—Allows incoming and outgoing traffic to pass through when it is in the authorized
state, and denies incoming and outgoing traffic when it is in the unauthorized state, as shown
in Figure 299.
The controlled port is set in authorized state if the client has passed authentication,
and in unauthorized state, if the client has failed authentication.
• Uncontrolled port—Is always open to receive and transmit EAPOL frames.
Figure 299 Authorization state of a controlled port
In the unauthorized state, a controlled port controls traffic in one of the following ways:
• Performs bidirectional traffic control to deny traffic to and from the client.
• Performs unidirectional traffic control to deny traffic from the client.
The device supports only unidirectional traffic control.
Packet formats
EAP packet format
Figure 300 shows the EAP packet format.
Figure 300 EAP packet format
Controlled port Uncontrolled port
Authenticator system 1
LAN
Controlled port Uncontrolled port
Authenticator system 2
LAN
Port unauthorized
Port authorized
015
Code
Data
Length
7
Identifier
2
4
N
To Next Page
Loading...
Need help?
General
