1-3Authorized state and unauthorized stateThe device uses the authentication server to authenticate a client trying to access the LAN and controlsthe status of the controlled port depending on the authentication result, putting the controlled port in theauthorized state or unauthorized state, as shown in Figure 1-2.Figure 1-2 Authorized/unauthorized status of a controlled portYou can set the access control mode of a specified port to control the authorization status. The accesscontrol modes include:z authorized-force: Places the port in the authorized state, allowing users of the ports to access thenetwork without authentication.z unauthorized-force: Places the port in the unauthorized state, denying any access requests fromusers of the ports.z auto: Places the port in the unauthorized state initially to allow only EAPOL frames to pass, andturns the ports into the authorized state to allow access to the network after the users passauthentication. This is the most common choice.Control directionIn the unauthorized state, the controlled port can be set to deny traffic to and from the client or just thetraffic from the client.Currently, your device can only be set to deny traffic from the client.EAP over LANsEAPOL frame formatEAPOL, defined in 802.1X, is intended to carry EAP protocol packets between clients and devices overLANs. Figure 1-3 shows the EAPOL frame format.
