Viewing

Viewing the status and settings of ports enabled for web-based authentication

Viewing status of ports enabled for web-based authentication

Syntax
show port-access web-based <port-list>

Displays the status of all ports or specified ports that are enabled for web-based authentication. The information displayed for each port includes:

  • Number of authorized and unauthorized clients.

  • VLAN ID number of the untagged VLAN used. If the switch supports MAC (untagged) VLANs, MACbased is displayed to show that multiple untagged VLANs are configured for authentication sessions.

  • If tagged VLANs (statically configured or RADIUS-assigned) are used (Yes or No).

  • If client-specific per-port CoS (Class of Service) values are configured (Yes or No) or the numerical value of the CoS (802.1p priority) applied to all inbound traffic. For client-specific per-port CoS values, enter the show port-access web-based clients detailed command.

  • If per-port rate-limiting for inbound traffic is applied (Yes or No) or the percentage value of the port's available bandwidth applied as a rate-limit value.

  • If RADIUS-assigned ACLs are applied.

Information on ports not enabled for web authentication is not displayed.

Example of show port-access web-based command output

Viewing session details for web-Auth clients

Syntax
show port-access web-based clients <port-list>

Displays the session status, name, and address for each web-based authenticated client on the switch.

The IP address displayed is taken from the DHCP binding table, learned through the DHCP snooping feature.

If DHCP snooping is not enabled on the switch, n/a (not available) is displayed for a client's IP address.

If a web-based authenticated client uses an IPv6 address, n/a-IPv6 is displayed.

If DHCP snooping is enabled but no MAC-to-IP address binding for a client is found in the DHCP binding table, n/a no info is displayed.

Example of show port-access web-based authentication clients command output

Viewing status details of web-based authentication sessions on specified ports

Syntax
show port-access web-based clients <port-list> detailed

Displays detailed information on the status of web-based authenticated client sessions on specified switch ports. Shows session status, name, and address for each web-based authenticated client on the switch. The IP address displayed is taken from the DHCP binding table, learned through DHCP snooping. The following can appear if the client's IP address is not available:

n/a — DHCP snooping is not enabled on the switch; n/a is displayed for a client's IP address.

n/a-IPv6 — a web-based authenticated client uses an IPv6 address.

n/a-no info — DHCP snooping is enabled but no MAC-to-IP address binding for a client is found in the DHCP binding table.

Example of show port-access web-based clients detailed command output

Viewing web-based authentication settings for ports

Syntax
show port-access web-based config <port-list>

Displays the currently configured web-based authentication settings for all switch ports or specified ports, including:

  • Temporary DHCP base address and mask.

  • Support for RADIUS-assigned dynamic VLANs (Yes or No).

  • Controlled directions setting for transmitting Wake-on-LAN traffic on egress ports.

  • Authorized and unauthorized VLAN IDs.

If the authorized or unauthorized VLAN ID value is 0, the default VLAN ID is used unless overridden by a RADIUS-assigned value.

Example of show port-access web-based config command output

Viewing details of web-based authentication settings for ports

Syntax
show port-access web-based config <port-list> detailed

Displays more detailed information on the currently configured web-based authentication settings for specified ports.

Show port-access web-based config detail command output

Viewing web-based authentication settings for ports, including RADIUS server-specific settings

Syntax
show port-access web-based config <port-list> auth-server

Displays the currently configured web authentication settings for all switch ports or specified ports and includes RADIUS server-specific settings, such as:

  • Timeout waiting period.

  • Number of timeouts supported before authentication login fails.

  • Length of time (quiet period) supported between authentication login attempts.

Show port-access web-based config auth-server command output

Viewing web-based authentication settings for ports, including web-specific settings

Syntax
show port-access web-based config <port-list> web-server

Displays the currently configured web authentication settings for all ports or specified ports, including web-specific settings for password retries, SSL login status, and a redirect URL, if specified.

Viewing the show commands for MAC authentication

Syntax

show port-access mac-based <port-list>

Displays the status of all ports or specified ports that are enabled for MAC authentication. The information displayed for each port includes:

  • Number of authorized and unauthorized clients.

  • VLAN ID number of the untagged VLAN used. If the switch supports MAC (untagged) VLANs, MACbased is displayed to show that multiple untagged VLANs are configured for authentication sessions.

  • If tagged VLANs (statically configured or RADIUS-assigned) are used (Yes or No).

  • If client-specific per-port CoS (Class of Service) values are configured (Yes or No) or the numerical value of the CoS (802.1p priority) applied to all inbound traffic. For client-specific per-port CoS values, enter the show port-access web-based clients detailed command.

  • If per-port rate-limiting for inbound traffic is applied (Yes or No) or the percentage value of the port's available bandwidth applied as a rate-limit value.

  • If RADIUS-assigned ACLs are applied.

Information on ports not enabled for MAC authentication is not displayed.

Show port-access MAC authentication command output

Viewing session information for MAC authenticated clients on a switch

Syntax
show port-access mac-based clients <port-list>

Displays the session status, name, and address for each MAC authenticated client on the switch. The IP address displayed is taken from the DHCP binding table (learned through the DHCP Snooping feature).

If DHCP snooping is not enabled on the switch, n/a (not available) is displayed for a client's IP address.

If a MAC-authenticated client uses an IPv6 address, n/a - IPv6 is displayed.

If DHCP snooping is enabled but no MAC-to-IP address binding for a client is found in the DHCP binding table, n/a - no info is displayed.

Show port-access MAC-based clients command output

Viewing detail on status of MAC authenticated client sessions

Syntax
show port-access mac-based clients <port-list> detailed

Displays detailed information on the status of MAC authenticated client sessions on specified ports. Shows session status, name, and address for each MAC authenticated client on the switch. The IP address displayed is taken from the DHCP binding table, learned through DHCP snooping. The following can appear if the client's IP address is not available:

n/a — DHCP snooping is not enabled on the switch; n/a is displayed for a client's IP address.

n/a-IPv6 — a MAC-authenticated client uses an IPv6 address.

n/a-no info — DHCP snooping is enabled but no MAC-to-IP address binding for a client is found in the DHCP binding table.

Show port-access MAC-based clients detail command output

Error log

Error Message

RMON_DCA_ILLEGAL_VSA_VALUE

Invalid value of attribute '%s' received on port %s for %s client %s.

Example

Invalid value of attribute HP-Port-Auth-Mode-MA received on port A3 for MacAuth client 001234-567890.

RMON_CONFIG_VSA_CONFLICT

Conflict occurred between configuration and attribute '%s' received on port %s for %s client %s.

Example

Conflict occurred between configuration and attribute HP-Port-Auth-Mode-MA received on port A3 for MacAuth client 001234-567890.

RMON_DCA_ILLEGAL_VSA_COMBINATION

Illegal combination of attributes '%s' and '%s' received on port %s for %s client %s.

Example

Illegal combination of attributes HP-Port-Auth-Mode-MA and HP-Port-Auth-Mode-Dot1x received on port A3 for 802.1X client 001234-567890.
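
The three message formats above can be matched in collected switch logs to find ports and clients whose RADIUS-supplied attributes the switch is rejecting. The following Python is an added example, not code from this documentation or from the switch vendor; the function names and the unrelated last sample line are constructed here, and it assumes the message text appears verbatim somewhere in each log line.

```python
import re
from collections import Counter

# Message IDs and format strings as listed in the Error log section.
FORMATS = {
    "RMON_DCA_ILLEGAL_VSA_VALUE":
        "Invalid value of attribute '%s' received on port %s for %s client %s.",
    "RMON_CONFIG_VSA_CONFLICT":
        "Conflict occurred between configuration and attribute '%s' "
        "received on port %s for %s client %s.",
    "RMON_DCA_ILLEGAL_VSA_COMBINATION":
        "Illegal combination of attributes '%s' and '%s' "
        "received on port %s for %s client %s.",
}

def _compile(fmt):
    # Turn a printf-style format into a regex. The documented examples print
    # the attribute name without quotes, so the quotes are treated as optional.
    rx = re.escape(fmt)
    rx = rx.replace(re.escape("'%s'"), r"'?([\w.-]+)'?")
    rx = rx.replace(re.escape("%s"), r"(\S+?)")
    return re.compile(rx)

PATTERNS = {msg_id: _compile(fmt) for msg_id, fmt in FORMATS.items()}

def parse_line(line):
    """Return a dict for a VSA error message found anywhere in line, else None."""
    for msg_id, rx in PATTERNS.items():
        m = rx.search(line)
        if m:
            *attrs, port, client_type, client = m.groups()
            return {"id": msg_id, "attributes": attrs, "port": port,
                    "client_type": client_type, "client": client}
    return None

def summarize(lines):
    """Parse all lines; count VSA errors per (port, client MAC)."""
    events = [e for e in map(parse_line, lines) if e]
    return events, Counter((e["port"], e["client"]) for e in events)

# Constructed sample: the three documented example messages plus one unrelated line.
_A3 = " received on port A3 for MacAuth client 001234-567890."
SAMPLE = [
    "Invalid value of attribute HP-Port-Auth-Mode-MA" + _A3,
    "Conflict occurred between configuration and attribute HP-Port-Auth-Mode-MA" + _A3,
    "Illegal combination of attributes HP-Port-Auth-Mode-MA and HP-Port-Auth-Mode-Dot1x"
    " received on port A3 for 802.1X client 001234-567890.",
    "port A3 is now on-line",  # constructed, must not match
]

if __name__ == "__main__":
    for (port, client), n in summarize(SAMPLE)[1].items():
        print(f"port {port} client {client}: {n} VSA error(s)")
```

A client that keeps appearing in the per-client count points at a RADIUS policy returning attributes the port configuration cannot accept, which is worth checking on the RADIUS server before the port itself.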

Viewing MAC authentication settings on ports

Syntax
show port-access mac-based config <port-list>

Displays the currently configured MAC authentication settings for all switch ports or specified ports, including:

  • MAC address format.

  • Support for RADIUS-assigned dynamic VLANs (Yes or No).

  • Controlled directions setting for transmitting Wake-on-LAN traffic on egress ports.

  • Authorized and unauthorized VLAN IDs.

If the authorized or unauthorized VLAN ID value is 0, the default VLAN ID is used unless overridden by a RADIUS-assigned value.

For the 3800, 5400zl, and 8200zl switches, when the switch is in enhanced secure mode, you are prompted about displaying sensitive information before the command is executed. See SecurityTraffic/Security Features and Monitors.

Show port-access mac-based config command output

Viewing details of MAC Authentication settings on ports

Syntax
show port-access mac-based config <port-list> detailed

Displays more detailed information on the currently configured MAC authentication settings for specified ports.

Show port-access mac-based config detail command output

Viewing MAC Authentication settings including RADIUS server-specific settings

Syntax
show port-access mac-based config <port-list> auth-server

Displays the currently configured MAC authentication settings for all switch ports or specified ports and includes RADIUS server-specific settings, such as:

  • Timeout waiting period.

  • Number of timeouts supported before authentication login fails.

  • Length of time (quiet period) supported between authentication login attempts.

Show port-access mac-based config auth-server command output