Figure 6-6 illustrates a situation in which the PAEs associated with the two systems, A and B, are able to adopt either the Supplicant or the Authenticator roles, as necessary. In order for System A to make use of System B’s services, System A’s PAE must adopt the Supplicant role, and System B’s PAE the Authenticator role. For System B to make use of System A’s services, the roles are reversed. Note that although the Authentication Server function is shown as residing in two distinct systems in this example, this need not be the case.

LAN

Figure 6-6—Systems adopting both Authenticator and Supplicant roles

NOTE—The situation shown in Figure 6-6 could be found, for example, where System A and System B are both Bridges. When they are initially connected together, each Bridge requires the other Bridge to be authenticated and authorized before it will forward frames on behalf of the other Bridge.

6.4 Unidirectional and bidirectional control

The degree to which protocol exchanges that take place on the controlled Port are affected by the authorization state is determined by two controlled directions parameters associated with each controlled port: an AdminControlledDirections parameter and an OperationalControlledDirections parameter. These parameters determine whether a controlled Port that is unauthorized exerts control over communication in both directions (disabling both reception of incoming frames and transmission of outgoing frames), or just in the incoming direction (disabling only reception of incoming frames). The controlled directions parameters can take one of two possible values, Both and In. The relationship between these two parameters, and the meaning of their values, is as follows:

a)AdminControlledDirections = Both. This indicates that bidirectional control is required to be exerted; i.e., control is exerted over both incoming and outgoing traffic through the controlled Port. The value of OperControlledDirections is unconditionally set equal to Both if AdminControlledDirections is set equal to Both.

b)AdminControlledDirections = In. This indicates that unidirectional control is required to be exerted; i.e., control is only exerted over incoming traffic through the controlled Port. If AdminControlledDirections is set equal to In, the value of OperControlledDirections is set equal to In on initialization and when the Port’s MAC becomes operable. However, the value of OperControlledDirections is set to Both if any of the following conditions is true:

1) The Port is a Bridge Port, and the Bridge Detection state machine (Clause 18 of IEEE Std 802.1t-2001) detects the presence of another Bridge connected to the Port.