7.2.2 Viewing IEEE802.1X Status

<Structure of this section>

(1) Viewing Authentication Status

(1) Viewing Authentication Status

Use the show dot1x command to display the status of IEEE 802.1X authentication.

(a) Status of the entire switch

Execute the show dot1x command to display the status of IEEE 802.1X authentication on the Switch.

Figure 7-1: Show dot1x messages you see
> show dot1x Date 20XX/10/20 10:52:40 UTC System 802.1X : Enable Port/ChGr/VLAN AccessControl PortControl Status Supplicants Port 0/1 --- Auto Authorized 1 Port 0/2 Multiple-Hosts Auto Unauthorized 0 Port 0/3 Multiple-Auth Auto --- 0 ChGr 32 Multiple-Auth Auto --- 1 VLAN 10 Multiple-Auth Auto --- 1 VLAN 11 Multiple-Auth Auto --- 0 VLAN 12 Multiple-Auth Auto --- 0 VLAN(Dynamic) Multiple-Auth Auto --- 1

Figure 7-1: Show dot1x messages you see

> show dot1x
Date 20XX/10/20 10:52:40 UTC
System 802.1X : Enable
 
Port/ChGr/VLAN    AccessControl    PortControl         Status       Supplicants
Port  0/1         ---              Auto                Authorized   1
Port  0/2         Multiple-Hosts   Auto                Unauthorized 0
Port  0/3         Multiple-Auth    Auto                ---          0
ChGr  32          Multiple-Auth    Auto                ---          1
VLAN 10           Multiple-Auth    Auto                ---          1
VLAN 11           Multiple-Auth    Auto                ---          0
VLAN 12           Multiple-Auth    Auto                ---          0
VLAN(Dynamic)     Multiple-Auth    Auto                ---          1

(b) Displaying the status of port-based authentication

To display the individual status of ports subject to port-based authentication, use the show dot1x port command. To view the status of a channel group, use the show dot1x channel-group-number command.

If you specify a port number, the command outputs status information for the specified port.

Specify the detail parameter to include information about terminals authenticated in the VLAN.

Figure 7-2: Result of executing show dot1x port command (when detail parameter is specified)
> show dot1x port 0/1 detail Date 20XX/10/20 10:52:48 UTC Port 0/1 AccessControl : --- PortControl : Auto Status : Authorized Last EAPOL : 0012.e200.0021 Supplicants : 1 / 1 ReAuthMode : Enable TxTimer(s) : 9 / 30 ReAuthTimer(s): 3585 / 3600 ReAuthSuccess : 0 ReAuthFail : 0 KeepUnauth(s) : --- / 3600 Supplicants MAC Status AuthState BackEndState ReAuthSuccess SessionTime(s) Date/Time 0012.e200.0021 Authorized Authenticated Idle 0 15 20XX/10/20 10:52:32

Figure 7-2: Result of executing show dot1x port command (when detail parameter is specified)

> show dot1x port 0/1 detail
Date 20XX/10/20 10:52:48 UTC
Port  0/1
AccessControl  : ---                       PortControl   : Auto
Status         : Authorized                Last EAPOL    : 0012.e200.0021
Supplicants    : 1 / 1                     ReAuthMode    : Enable
TxTimer(s)     : 9     / 30                ReAuthTimer(s): 3585  / 3600
ReAuthSuccess  : 0                         ReAuthFail    : 0
KeepUnauth(s)  : ---   / 3600
 
 Supplicants MAC     Status         AuthState      BackEndState   ReAuthSuccess
                     SessionTime(s) Date/Time
 0012.e200.0021      Authorized     Authenticated  Idle           0
                     15             20XX/10/20 10:52:32

(c) Displaying the status of VLAN authenticated (static)

Use the show dot1x vlan command to display the individual status of VLANs subject to VLAN-based authentication (static). If you specify a VLAN ID, the command outputs status information for the specified VLAN. Specify the detail parameter to include information about terminals authenticated in the VLAN.

Figure 7-3: Result of executing show dot1x vlan command (when detail parameter is specified)
> show dot1x vlan 20 detail Date 20XX/10/20 10:52:48 UTC VLAN 20 AccessControl : Multiple-Auth PortControl : Auto Status : --- Last EAPOL : 0012.e200.0003 Supplicants : 2 / 2 / 256 ReAuthMode : Enable TxTimer(s) : 3518 / 3600 ReAuthTimer(s): 3548 / 3600 ReAuthSuccess : 0 ReAuthFail : 0 SuppDetection : Shortcut Port(s): 0/1-10, ChGr 1-5 Force-Authorized Port(s): 0/4,8-10, ChGr 1-5 Supplicants MAC Status AuthState BackEndState ReAuthSuccess SessionTime(s) Date/Time [Port 0/1] 0012.e200.0003 Authorized Authenticated Idle 0 84 20XX/10/20 10:51:24 [Port 0/3] 0012.e200.0004 Authorized Authenticated Idle 0 5 20XX/10/20 10:51:03

Figure 7-3: Result of executing show dot1x vlan command (when detail parameter is specified)

> show dot1x vlan 20 detail
Date 20XX/10/20 10:52:48 UTC
VLAN 20
AccessControl  : Multiple-Auth             PortControl   : Auto
Status         : ---                       Last EAPOL    : 0012.e200.0003
Supplicants    : 2 / 2 / 256               ReAuthMode    : Enable
TxTimer(s)     : 3518  / 3600              ReAuthTimer(s): 3548  / 3600
ReAuthSuccess  : 0                         ReAuthFail    : 0
SuppDetection  : Shortcut
Port(s): 0/1-10, ChGr  1-5
Force-Authorized Port(s): 0/4,8-10, ChGr  1-5
 
 Supplicants MAC     Status         AuthState      BackEndState   ReAuthSuccess
                     SessionTime(s) Date/Time
 [Port 0/1]
 0012.e200.0003      Authorized     Authenticated  Idle           0
                     84             20XX/10/20 10:51:24
 [Port 0/3]
 0012.e200.0004      Authorized     Authenticated  Idle           0
                     5              20XX/10/20 10:51:03

(d) Displaying the status of VLAN Permission (Dynamic)

Use the show dot1x vlan dynamic command to display the individual status of VLANs subject to VLAN-based authentication (dynamic). If you specify a VLAN ID, the command outputs status information for the specified VLAN. Specify the detail parameter to include information about terminals authenticated in the VLAN.

Figure 7-4: Result of executing show dot1x vlan dynamic command (when detail parameter is specified)
> show dot1x vlan dynamic detail Date 20XX/10/20 10:52:48 UTC VLAN(Dynamic) AccessControl : Multiple-Auth PortControl : Auto Status : --- Last EAPOL : 0012.e200.0005 Supplicants : 1 / 1 / 256 ReAuthMode : Disable TxTimer(s) : 3556 / 3600 ReAuthTimer(s): 3586 / 3600 ReAuthSuccess : 0 ReAuthFail : 0 SuppDetection : Shortcut VLAN(s): 20 Supplicants MAC Status AuthState BackEndState ReAuthSuccess SessionTime(s) Date/Time [VLAN 20] VLAN(Dynamic) Supplicants : 1 0012.e200.0005 Authorized Authenticated Idle 0 44 20XX/10/20 10:52:03

Figure 7-4: Result of executing show dot1x vlan dynamic command (when detail parameter is specified)

> show dot1x vlan dynamic detail
Date 20XX/10/20 10:52:48 UTC
VLAN(Dynamic)
AccessControl  : Multiple-Auth             PortControl   : Auto
Status         : ---                       Last EAPOL    : 0012.e200.0005
Supplicants    : 1 / 1 / 256               ReAuthMode    : Disable
TxTimer(s)     : 3556  / 3600              ReAuthTimer(s): 3586  / 3600
ReAuthSuccess  : 0                         ReAuthFail    : 0
SuppDetection  : Shortcut
VLAN(s): 20
 
 Supplicants MAC     Status         AuthState      BackEndState   ReAuthSuccess
                     SessionTime(s) Date/Time
 [VLAN 20]           VLAN(Dynamic) Supplicants : 1
 0012.e200.0005      Authorized     Authenticated  Idle           0
                     44             20XX/10/20 10:52:03