Show commands for web-based authentication

show port-access web-based command

Syntax: 


show port-access web-based [port-list]
Displays the status of all ports or specified ports that are enabled for web-based authentication. The information displayed for each port includes:

  • Number of authorized and unauthorized clients.

  • VLAN ID number of the untagged VLAN used. If the switch supports MAC (untagged) VLANs, MACbased is displayed to show that multiple untagged VLANs are configured for authentication sessions.

  • If tagged VLANs (statically configured or RADIUS-assigned) are used (Yes or No.)

  • If client-specific per-port CoS (Class of Service) values are configured (Yes or No) or the numerical value of the CoS (802.1p priority) applied to all inbound traffic. For client-specific per-port CoS values, enter the show port-access web-based clients detailed command.

  • If per-port rate-limiting for inbound traffic is applied (Yes or No) or the percentage value of the port's available bandwidth applied as a rate-limit value.

  • If RADIUS-assigned ACLs are applied.

Information on ports not enabled for web authentication is not displayed.

Example: 

Switch (config)# show port-access web-based

 Port Access Web-Based Status

      Auth     Unauth   Untagged Tagged Port     % In   RADIUS
Port  Clients  Clients  VLAN     VLANs  COS      Limit  ACL
----- -------- -------- -------- ------ -------- ------ ------
1     1        1        4006     Yes    70000000 100    Yes
2     2        0        MACbased No     Yes      Yes    Yes
3     4        0        1        Yes    No       No     No

show port-access web-based clients command

Syntax: 


show port-access web-based clients [port-list]

Displays the session status, name, and address for each web-authenticated client on the switch. The IP address displayed is taken from the DHCP binding table (learned through the DHCP Snooping feature).

If DHCP snooping is not enabled on the switch, n/a (not available) is displayed for a client’s IP address.

If a web-authenticated client uses an IPv6 address, n/a - IPv6 is displayed.

If DHCP snooping is enabled but no MAC-to-IP address binding for a client is found in the DHCP binding table, n/a - no info is displayed.

Example: 

Switch(config)#show port-access web-based clients

 Port Access Web-Based Client Status

Port  Client Name  MAC Address   IP Address      Session Status
----- ------------ ------------- --------------- -------------
1     webuser1     0010b5-891a9e 192.192.192.192 Authenticated
1     webuser2     001560-b3ea48 n/a - no info   Authenticating
1     webuser3     000000-111111 n/a - IPv6      Authenticating
3     webuser4     000000-111112 n/a             Authenticating

show port-access web-based clients detailed command

Syntax: 


show port-access web-based clients <port-list> detailed

Displays detailed information on the status of web-based authenticated client sessions on specified switch ports.

This syntax shows session status, name, and address for each web-based authenticated client on the switch. The IP address displayed is taken from the DHCP binding table, learned through DHCP snooping. The following can appear if the client's IP address is not available:

n/a — DHCP snooping is not enabled on the switch; n/a is displayed for a client's IP address.

n/a-IPv6 — a web-based authenticated client uses an IPv6 address.

n/a-no info — DHCP snooping is enabled but no MAC-to-IP address binding for a client is found in the DHCP binding table.

Example: 

Switch(config)#show port-access web-based clients 1 detailed

 Port Access Web-Based Client Status Detailed

  Client Base Details :
   Port           : 1
   Session Status : authenticated  Session Time(sec) : 6
   Username       : webuser1       MAC Address       : 0010b5-891a9e
   IP             : n/a

 Access Policy Details :
  COS Map        : 11111111        In Limit %        : 98
  Untagged VLAN  : 4006            Out Limit %       : 100
  Tagged VLANs   : 1, 3, 5, 6, 334, 2566
  RADIUS-ACL List :
    deny in udp from any to 10.2.8.233 CNT
       Hit Count: 0
    permit in udp from any to 10.2.8.233 CNT
       Hit Count: 0
    deny in tcp from any to 10.2.8.233 CNT
       Hit Count: 0
    permit in tcp from any to 10.2.8.233 CNT
       Hit Count: 0
    permit in tcp from any to 0.0.0.0/0 CNT
       Hit Count: 0

show port-access web-based config command

Syntax: 


show port-access web-based config [port-list]
Displays the currently configured web-based authentication settings for all switch ports or specified ports, including:

  • Temporary DHCP base address and mask.

  • Support for RADIUS-assigned dynamic VLANs (Yes or No).

  • Controlled direction setting for transmitting Wake-on-LAN traffic on egress ports.

  • Authorized and unauthorized VLAN IDs.

If the authorized or unauthorized VLAN ID value is 0, the default VLAN ID is used unless overridden by a RADIUS-assigned value.

Example: 

 Switch(config)#show port-access web-based config

Port Access Web-Based Configuration

 DHCP Base Address : 192.168.0.0
 DHCP Subnet Mask  : 255.255.255.0
 DHCP Lease Length : 10
 Allow RADIUS-assigned dynamic (GVRP) VLANs [No] : No
 Access Denied Message  : System Default

               Client Client Logoff  Re-Auth Unauth   Auth     Cntrl
Port  Enabled  Limit  Moves  Period  Period  VLAN ID  VLAN ID  Dir
----- -------- ------ ------ ------- ------- -------- -------- -----
1     Yes      1      No     300     0       0        0        both
2     Yes      1      No     300     0       0        0        in

show port-access web-based config detailed command

Syntax: 


show port-access web-based config <port-list> detailed

Displays more detailed information on the currently configured web-based authentication settings for specified ports.

Example: 

Switch(config)#show port-access web-based config 1 detailed

 Port Access Web-Based Detailed Configuration

  Port           : 1        Web-based enabled : Yes
  Client Limit   : 1        Client Moves      : No
  Logoff Period  : 300      Re-Auth Period    : 0
  
  Unauth VLAN ID : 0        Auth VLAN ID      : 0
  
  Max Requests   : 3        Quiet Period      : 60
  Server Timeout : 30
  
  Max Retries    : 3        SSL Enabled       : No
  Redirect URL :

show port-access web-based config auth-server command

Syntax: 


show port-access web-based config [port-list] auth-server
Displays the currently configured web authentication settings for all switch ports or specified ports and includes RADIUS server-specific settings, such as:

  • Timeout waiting period.

  • Number of timeouts supported before authentication login fails.

  • Length of time (quiet period) supported between authentication login attempts.

Example: 

Switch (config)#show port-access web-based config auth-server

Port Access Web-Based Configuration

                Client Client Logoff  Re-Auth  Max  Quiet   Server
 Port  Enabled  Limit  Moves  Period  Period   Req  Period  Timeout
 ----- -------- ------ ------ ------- -------- ---- ------- --------
 1     Yes      1      No     300     0        3    60      30
 2     No       1      No     300     0        3    60      30
 ...

show port-access web-based config web-server command

Syntax: 


show port-access web-based config [port-list] web-server

Displays the currently configured Web Authentication settings for all ports or specified ports, including web-specific settings for password retries, SSL login status, and a redirect URL, if specified.