The controlled port can be used to pass service packets when it is in authorized state. It is blocked when not in authorized state. In this case, no packets can pass through it.

• Controlled port and uncontrolled port are two properties of a port. Packets reaching a port are visible to both the controlled port and uncontrolled port of the port.

The valid direction of a controlled port

When a controlled port is in unauthorized state, you can configure it to be a unidirectional port, which sends packets to supplicant systems only.

By default, a controlled port is a unidirectional port.

The way a port is controlled

A port of a 3Com series switch can be controlled in the following two ways.

• Port-based authentication. When a port is controlled in this way, all the supplicant systems connected to the port can access the network without being authenticated after one supplicant system among them passes the authentication. And when the authenticated supplicant system goes offline, the others are denied as well.
• MAC-based authentication. All supplicant systems connected to a port have to be authenticated individually in order to access the network. And when a supplicant system goes offline, the others are not affected.

The Mechanism of an 802.1x Authentication System

IEEE 802.1x authentication system uses the Extensible Authentication Protocol (EAP) to exchange information between the supplicant system and the authentication server.

Figure 28-2 The mechanism of an 802.1x authentication system

• EAP protocol packets transmitted between the supplicant system PAE and the authenticator system PAE are encapsulated as EAPoL packets.
• EAP protocol packets transmitted between the authenticator system PAE and the RADIUS server can either be encapsulated as EAP over RADIUS (EAPoR) packets or be terminated at system PAEs. The system PAEs then communicate with RADIUS servers through Password Authentication Protocol (PAP) or Challenge-Handshake Authentication Protocol (CHAP) packets.
• When a supplicant system passes the authentication, the authentication server passes the information about the supplicant system to the authenticator system. The authenticator system in turn determines the state (authorized or unauthorized) of the controlled port according to the instructions (accept or reject) received from the RADIUS server.

Encapsulation of EAPoL Messages

The format of an EAPoL packet

EAPoL is a packet encapsulation format defined in 802.1x. To enable EAP protocol packets to be transmitted between supplicant systems and authenticator systems through LANs, EAP protocol packets are encapsulated in EAPoL format. The following figure illustrates the structure of an EAPoL packet.
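
An added example, not taken from the 3Com manual: a minimal Python parser for the EAPoL encapsulation introduced above, with the length checks a monitoring or capture tool needs before trusting a frame. The field layout (EtherType 0x888E, then version, type, length, body) follows IEEE 802.1X and is assumed here because the manual's figure is not reproduced in this text; the function name and the sample frames are constructed for illustration.

```python
import struct

EAPOL_ETHERTYPE = 0x888E  # PAE Ethernet type used by 802.1x (assumed from IEEE 802.1X)
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff",
               3: "EAPOL-Key", 4: "EAPOL-ASF-Alert"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}


def parse_eapol(frame: bytes) -> dict:
    """Parse an untagged Ethernet II frame carrying EAPoL; raise ValueError if malformed."""
    if len(frame) < 18:  # 14-byte Ethernet header + 4-byte EAPoL header
        raise ValueError("frame too short for EAPoL")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != EAPOL_ETHERTYPE:
        raise ValueError(f"not EAPoL: EtherType 0x{ethertype:04x}")
    version, ptype, length = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + length]  # slicing by length drops Ethernet padding
    if len(body) != length:  # declared length runs past the captured bytes
        raise ValueError("EAPoL body truncated")
    out = {"src": src.hex(":"), "dst": dst.hex(":"), "version": version,
           "type": EAPOL_TYPES.get(ptype, f"unknown({ptype})"), "length": length}
    if ptype == 0:  # body is an EAP packet: code, identifier, length[, method, data]
        if length < 4:
            raise ValueError("EAP header truncated")
        code, ident, eap_len = struct.unpack("!BBH", body[:4])
        if eap_len < 4 or eap_len > length:
            raise ValueError("EAP length inconsistent with EAPoL length")
        out["eap"] = {"code": EAP_CODES.get(code, f"unknown({code})"),
                      "id": ident, "length": eap_len}
        if code in (1, 2) and eap_len >= 5:  # only Request/Response carry a method
            out["eap"]["method"] = body[4]   # 1 = Identity
            out["eap"]["data"] = body[5:eap_len]
    return out


# Constructed sample frames (not captured traffic).
PAE_GROUP = bytes.fromhex("0180c2000003")   # PAE group address
SUPPLICANT = bytes.fromhex("020000000001")  # made-up locally administered MAC
START = PAE_GROUP + SUPPLICANT + bytes.fromhex("888e01010000")
IDENTITY = (PAE_GROUP + SUPPLICANT + bytes.fromhex("888e0100000a")
            + bytes.fromhex("0201000a01") + b"alice")

if __name__ == "__main__":
    for sample in (START, IDENTITY):
        print(parse_eapol(sample))
```
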