Authentication Control-Direction - Cisco Catalyst 4500 Series Command Reference Manual

Chapter 2 Cisco IOS Commands for the Catalyst 4500 Series Switches

authentication control-direction

To change the port control to unidirectional or bidirectional, use the authentication control-direction
command in interface configuration mode. To return to the default setting, use the no form of this
command.
Syntax Description
both
in
Command Default both
Command Modes Interface configuration mode
Command History Release
12.2(50)SG
Usage Guidelines The authentication control-direction command replaces the following dot1x command, which is
deprecated in Cisco IOS Release 12.2(50)SG and later releases:
dot1x control-direction {both | in}
The IEEE 802.1X standard defines a client-server-based access control and authentication protocol that
restricts unauthorized devices from connecting to a LAN through publicly accessible ports.
IEEE 802.1X controls network access by creating two distinct virtual access points at each port. One
access point is an uncontrolled port; the other is a controlled port. All traffic through the single port is
available to both access points. IEEE 802.1X authenticates each user device that connects to a switch
port and assigns the port to a VLAN before making available any services that are offered by the switch
or the LAN. Until the device authenticates, 802.1X access control allows only Extensible Authentication
Protocol (EAP) over LAN (EAPOL) traffic through the port to which the device connects. After
authentication succeeds, normal traffic can pass through the port.
•
•
OL-27596 -01
authentication control-direction {both | in}
no authentication control-direction
Enables bidirectional control on the port.
Enables unidirectional control on the port.
Modification
Support for this command was introduced.
Unidirectional state—When you configure a port as unidirectional with the
dot1x control-direction interface configuration command, the port changes to the spanning-tree
forwarding state.
When the unidirectional controlled port is enabled, the connected host is in sleeping mode or
power-down state. The host does not exchange traffic with other devices in the network. If the host
connected to the unidirectional port that cannot send traffic to the network, the host can only receive
traffic from other devices in the network.
Bidirectional state—When you configure a port as bidirectional with the dot1x control-direction
interface configuration command, the port is access-controlled in both directions. In this state, the
switch port sends only EAPOL.
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.4.0SG and IOS 15.1(2)SG)
authentication control-direction
2-23