Viewing
Viewing the status and settings of ports enabled for web-based authentication
Syntax
show port-access web-based<port-list>
Displays the status of all ports or specified ports that are enabled for web-based authentication. The information displayed for each port includes:
Number of authorized and unauthorized clients.
VLAN ID number of the untagged VLAN used. If the switch supports MAC (untagged) VLANs,
MACbased
is displayed to show that multiple untagged VLANs are configured for authentication sessions.If tagged VLANs (statically configured or RADIUS-assigned) are used (
Yes
orNo
.)If client-specific per-port CoS (Class of Service) values are configured (
Yes
orNo
) or the numerical value of the CoS (802.1p priority) applied to all inbound traffic. For client-specific per-port CoS values, enter theshow port-access web-based clients detailed
command.If per-port rate-limiting for inbound traffic is applied (
Yes
orNo
) or the percentage value of the port's available bandwidth applied as a rate-limit value.If RADIUS-assigned ACLs are applied.
Information on ports not enabled for web authentication is not displayed.
Viewing session details for web-Auth clients
Syntax
show port-access web-based clients<port-list>
Displays the session status, name, and address for each web-based authenticated client on the switch.
The IP address displayed is taken from the DHCP binding table, learned through the DHCP snooping feature.
If DHCP snooping is not enabled on the switch,
n/a
(not available) is displayed for a client's IP address.If a web-based authenticated client uses an IPv6 address,
n/a-IPv6
is displayed.If DHCP snooping is enabled but no MAC-to-IP address binding for a client is found in the DHCP binding table,
n/a
no info
is displayed.
Viewing status details of web-based authentication sessions on specified ports
Syntax
show port-access web-based clients<port-list>
detailedDisplays detailed information on the status of web-based authenticated client sessions on specified switch ports. Shows session status, name, and address for each web-based authenticated client on the switch. The IP address displayed is taken from the DHCP binding table, learned through DHCP snooping. The following can appear if the client's IP address is not available:
n/a
—DHCP snooping is not enabled on the switch;n/a
is displayed for a client's IP address.
n/a-IPv6
—a web-based authenticated client uses an IPv6 address.
n/a-no info
—DHCP snooping is enabled but no MAC-to-IP address binding for a client is found in the DHCP binding table.
Viewing web-based authentication settings for ports
Syntax
show port-access web-based config<port-list>
Displays the currently configured web-based authentication settings for all switch ports or specified ports, including:
Temporary DHCP base address and mask.
Support for RADIUS-assigned dynamic VLANs (
Yes
orNo.
)Controlled directions setting for transmitting Wake-on-LAN traffic on egress ports.
Authorized and unauthorized VLAN IDs.
If the authorized or unauthorized VLAN ID value is
0
, the default VLAN ID is used unless overridden by a RADIUS-assigned value.
Viewing details of web-based authentication settings for ports
Syntax
Viewing web-based authentication settings for ports, including RADIUS server specific
Syntax
show port-access web-based config<port-list>
auth-serverDisplays the currently configured web authentication settings for all switch ports or specified ports and includes RADIUS server-specific settings, such as:
Timeout waiting period.
Number of timeouts supported before authentication login fails.
Length of time (quiet period) supported between authentication login attempts.
Viewing the show
commands for MAC authentication
Syntax
show port-access mac-based<port-list>
Displays the status of all ports or specified ports that are enabled for MAC authentication. The information displayed for each port includes:
Number of authorized and unauthorized clients.
VLAN ID number of the untagged VLAN used. If the switch supports MAC (untagged) VLANs,
MACbased
is displayed to show that multiple untagged VLANs are configured for authentication sessions.If tagged VLANs (statically configured or RADIUS-assigned) are used (
Yes
orNo
.)If client-specific per-port CoS (Class of Service) values are configured (
Yes
orNo
) or the numerical value of the CoS (802.1p priority) applied to all inbound traffic. For client-specific per-port CoS values, enter theshow port-access web-based clients detailed
command.If per-port rate-limiting for inbound traffic is applied (
Yes
orNo
) or the percentage value of the port's available bandwidth applied as a rate-limit value.If RADIUS-assigned ACLs are applied.
Information on ports not enabled for MAC authentication is not displayed.
Viewing session information for MAC authenticated clients on a switch
Syntax
show port-access mac-based clients<port-list>
Displays the session status, name, and address for each MAC authenticated client on the switch. The IP address displayed is taken from the DHCP binding table (learned through the DHCP Snooping feature).
If DHCP snooping is not enabled on the switch,
n/a
(not available) is displayed for a client's IP address.If a MAC-authenticated client uses an IPv6 address,
n/a - IPv6
is displayed.If DHCP snooping is enabled but no MAC-to-IP address binding for a client is found in the DHCP binding table,
n/a
- no info
is displayed.
Viewing detail on status of MAC authenticated client sessions
Syntax
show port-access mac-based clients<port-list>
detailedDisplays detailed information on the status of MAC authenticated client sessions on specified ports. Shows session status, name, and address for each MAC authenticated client on the switch. The IP address displayed is taken from the DHCP binding table, learned through DHCP snooping. The following can appear if the client's IP address is not available:
n/a
— DHCP snooping is not enabled on the switch;n/a
is displayed for a client's IP address.
n/a-IPv6
— a web-based authenticated client uses an IPv6 address.
n/a-no info
— DHCP snooping is enabled but no MAC-to-IP address binding for a client is found in the DHCP binding table.
Error log
Error | Message |
---|---|
RMON_DCA_ILLEGAL_VSA_VALUE | Invalid value of attribute '%s'
received on port %s for %s client %s. Example Invalid value of attribute |
RMON_CONFIG_VSA_CONFLICT | Conflict occurred between configuration
and attribute '%s' received on port %s for %s client %s. Example Conflict occurred between configuration and attribute |
RMON_DCA_ILLEGAL_VSA_COMBINATION |
Illegal combination of attributes '%s'
and '%s' received on port %s for %s client %s. Example Illegal combination of attributes |
Viewing MAC authentication settings on ports
Syntax
show port-access mac-based config<port-list>
Displays the currently configured MAC authentication settings for all switch ports or specified ports, including:
MAC address format.
Support for RADIUS-assigned dynamic VLANs (
Yes
orNo.
)Controlled directions setting for transmitting Wake-on-LAN traffic on egress ports.
Authorized and unauthorized VLAN IDs.
If the authorized or unauthorized VLAN ID value is
0
, the default VLAN ID is used unless overridden by a RADIUS-assigned value.For the 3800, 5400zl, and 8200zl switches, when the switch is in enhanced secure mode, you are prompted about displaying sensitive information before the command is executed. See SecurityTraffic/Security Features and Monitors.
Viewing details of MAC Authentication settings on ports
Syntax
Viewing MAC Authentication settings including RADIUS server-specific
Syntax
show port-access mac-based config<port-list>
auth-serverDisplays the currently configured web authentication settings for all switch ports or specified ports and includes RADIUS server-specific settings, such as:
Timeout waiting period.
Number of timeouts supported before authentication login fails.
Length of time (quiet period) supported between authentication login attempts.