Viewing
Displaying 802.1X Configuration, Statistics, and Counters
Show Commands for Port-Access Authenticator
Syntax
show port-access authenticator [port-list] [config | statistics | session-counters | vlan | clients [detailed]]
If you enter the show port-access authenticator command without an optional value, the following configuration information is displayed for all switch ports, or specified ports, that are enabled for 802.1X port-access authentication:
Port -access authenticator activated: Are any switch ports configured to operate as 802.1X authenticators using the aaa port-access authenticator command? Yes or No
Allow RADIUS-assigned dynamic (GVRP) VLANs: Are RADIUS-assigned dynamic (GVRP-learned) VLANs supported for authenticated and unauthenticated client sessions on the switch? Yes or No
Auth Clients: Number of authorized clients
Unauth Clients: Number of unauthorized clients
Syntax
show port-access authenticator [port-list] [config | statistics | session-counters | vlan | clients | clients detailed
Untagged VLAN: VLAN ID number of the untagged VLAN used in client sessions. If the switch supports MAC-based (untagged) VLANs, MACbased is displayed to show that multiple untagged VLANs are configured for authentication sessions.
Tagged VLANs: Are tagged VLANs (statically configured or RADIUS-assigned) used for authenticated clients? Yes or No
Port COS:
Yes - Client-specific CoS (Class of Service) values are applied to more than one authenticated client on the port.
No - No client-specific CoS values are applied to any authenticated client on the port.
<CoS value — Numerical value of the CoS (802.1p priority) applied to inbound traffic from one authenticated client. For client-specific per-port CoS values, enter the show port-access web-based clients detailed command.
% In Limit: Inbound rate limit applied.
RADIUS ACL: Are RADIUS-assigned ACLs used for authenticated clients? Yes or No
Cntrl Dir: Direction in which flow of incoming and outgoing traffic is blocked on 802.1X-aware port that has not yet entered the authenticated state:
Both: Incoming and outgoing traffic is blocked on port until authentication occurs.
In: Only incoming traffic is blocked on port before authentication occurs.
Outgoing: traffic with unknown destination addresses is flooded on the unauthenticated 802.1X-aware port.
The information displayed with the show port-access authenticator command for individual (config | statistics | session-counters | vlan | clients) options is described below.
Syntax
show port-access authenticator config [port-list]
Displays 802.1X port-access authenticator configuration settings, including:
Whether port-access authentication is enabled
Whether RADIUS-assigned dynamic VLANs are supported
802.1X configuration of ports that are enabled as 802.1X authenticators (See the syntax descriptions in Reconfigure Settings for Port-Access. Use the show running command to view the current client-limit configuration available for switches.)
You can display 802.1X port-access authenticator configuration for all switch ports or specified ports. 802.1X configuration information for ports that are not enabled as 802.1X authenticators is not displayed.