Viewing

Displaying 802.1X Configuration, Statistics, and Counters

Show Commands for Port-Access Authenticator

Syntax

show port-access authenticator [port-list] [config | statistics | session-counters | vlan | clients [detailed]]

If you enter the show port-access authenticator command without an optional value, the following configuration information is displayed for all switch ports, or specified ports, that are enabled for 802.1X port-access authentication:

  • Port-access authenticator activated: Are any switch ports configured to operate as 802.1X authenticators using the aaa port-access authenticator command? Yes or No

  • Allow RADIUS-assigned dynamic (GVRP) VLANs: Are RADIUS-assigned dynamic (GVRP-learned) VLANs supported for authenticated and unauthenticated client sessions on the switch? Yes or No

  • Auth Clients: Number of authorized clients

  • Unauth Clients: Number of unauthorized clients


  • Untagged VLAN: VLAN ID number of the untagged VLAN used in client sessions. If the switch supports MAC-based (untagged) VLANs, MACbased is displayed to show that multiple untagged VLANs are configured for authentication sessions.

  • Tagged VLANs: Are tagged VLANs (statically configured or RADIUS-assigned) used for authenticated clients? Yes or No

  • Port COS:

    • Yes - Client-specific CoS (Class of Service) values are applied to more than one authenticated client on the port.

    • No - No client-specific CoS values are applied to any authenticated client on the port.

    • <CoS value> - Numerical value of the CoS (802.1p priority) applied to inbound traffic from one authenticated client. For client-specific per-port CoS values, enter the show port-access web-based clients detailed command.

  • % In Limit: Inbound rate limit applied.

  • RADIUS ACL: Are RADIUS-assigned ACLs used for authenticated clients? Yes or No

  • Cntrl Dir: Direction in which traffic is blocked on an 802.1X-aware port that has not yet entered the authenticated state:

    • Both: Incoming and outgoing traffic is blocked on the port until authentication occurs.

    • In: Only incoming traffic is blocked on the port before authentication occurs. Outgoing traffic with unknown destination addresses is flooded on the unauthenticated 802.1X-aware port.

    show port-access authenticator Command
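The fields above can be checked in bulk from captured command output. The following is an added example, not vendor code: it assumes whitespace-separated columns in the order this page lists them, the sample output is constructed, and the function names are hypothetical.

```python
import re

FIELDS = ("port", "auth", "unauth", "untagged_vlan", "tagged_vlans",
          "port_cos", "in_limit", "radius_acl", "cntrl_dir")

# Constructed sample; the column layout is an assumption based on this page.
SAMPLE = """\
  Port-access authenticator activated : Yes
  Allow RADIUS-assigned dynamic (GVRP) VLANs : No

       Auth    Unauth  Untagged Tagged           % In  RADIUS Cntrl
  Port Clients Clients VLAN     VLANs  Port COS Limit ACL    Dir
  ---- ------- ------- -------- ------ -------- ----- ------ -----
  1    1       0       10       No     No       No    Yes    both
  2    0       2       MACbased No     No       No    No     in
  3    3       0       20       Yes    5        50    No     both
"""

def parse_status(text):
    """Return (switch-wide Yes/No flags, per-port rows)."""
    flags, rows = {}, []
    for line in text.splitlines():
        m = re.match(r"\s*(.+?)\s*:\s*(Yes|No)\s*$", line)
        if m:
            flags[m.group(1)] = m.group(2)
            continue
        cols = line.split()
        # Data rows have nine columns with numeric client counts; this
        # skips both header lines and the dashed separator.
        if len(cols) == len(FIELDS) and cols[1].isdigit() and cols[2].isdigit():
            rows.append(dict(zip(FIELDS, cols)))
    return flags, rows

def review_items(text):
    """List (port, reason) pairs that merit a closer look."""
    flags, rows = parse_status(text)
    items = []
    if flags.get("Port-access authenticator activated") != "Yes":
        items.append(("switch", "802.1X authenticator is not activated"))
    for r in rows:
        if r["cntrl_dir"].lower() == "in":
            # In: outgoing unknown-destination traffic is flooded pre-auth.
            items.append((r["port"], "Cntrl Dir is In"))
        if int(r["unauth"]) > 0:
            items.append((r["port"], r["unauth"] + " unauthorized client(s)"))
    return items

if __name__ == "__main__":
    for port, reason in review_items(SAMPLE):
        print(port + ": " + reason)
```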

The information displayed with the show port-access authenticator command for individual (config | statistics | session-counters | vlan | clients) options is described below.

Syntax

show port-access authenticator config [port-list]

Displays 802.1X port-access authenticator configuration settings, including:

  • Whether port-access authentication is enabled

  • Whether RADIUS-assigned dynamic VLANs are supported

  • 802.1X configuration of ports that are enabled as 802.1X authenticators (See the syntax descriptions in Reconfigure Settings for Port-Access. Use the show running command to view the current client-limit configuration available for switches.)

You can display 802.1X port-access authenticator configuration for all switch ports or specified ports. 802.1X configuration information for ports that are not enabled as 802.1X authenticators is not displayed.

show port-access authenticator config Command