Release L.10.08 Enhancements
The Wake-on-LAN feature is used by network administrators to remotely power on a sleeping
workstation (for example, during early morning hours to perform routine maintenance operations,
such as patch management and software updates).
The aaa port-access controlled-direction in command allows Wake-on-LAN traffic to be transmitted on
an 802.1X-aware egress port that has not yet transitioned to the 802.1X authenticated state; the
controlled-direction both setting prevents Wake-on-LAN traffic to be transmitted on an 802.1X-aware
egress port until authentication occurs.
Although the controlled-direction in setting allows Wake-on-LAN traffic to traverse the switch through
unauthenticated 802.1X-aware egress ports, it does not guarantee that the Wake-on-LAN packets will
arrive at their destination. For example, firewall rules on other network devices and VLAN rules may
prevent these packets from traversing the network.
Using the aaa port-access controlled-directions in command, you can enable the transmission of
Wake-on-LAN traffic on unauthenticated egress ports that are configured for 802.1X.
Because a port can be configured for more than one type of authentication to protect the switch from
unauthorized access, the last setting you configure with the aaa port-access controlled-directions
command is applied to all authentication methods configured on the switch.
For information about how to configure and use MAC and Web authentication, refer to the Access
and Security Guide for your switch.
To display the currently configured 802.1X Controlled Directions value, enter the show port-
access authenticator config command.
When an 802.1X-authenticated port is configured with the controlled-directions in setting,
eavesdrop prevention is not supported on the port.
Example: Configuring 802.1X Controlled Directions
The following example shows how to enable the transmission of Wake-on-LAN traffic in the egress
direction on an 802.1X-aware port before it transitions to the 802.1X authenticated state and
successfully authenticates a client device.