show port-access authenticator

The port-access authenticator command


show port-access authenticator [port-list] [config|statistics|session-counters|vlan|clients]|[detailed]

If you enter the show port-access authenticator command without an optional value, the following configuration information is displayed for all switch ports, or specified ports, that are enabled for 802.1X port-access authentication:

  • Port-access authenticator activated: Are any switch ports configured to operate as 802.1X authenticators using the aaa port-access authenticator command? Yes or No

  • Allow RADIUS-assigned dynamic (GVRP) VLANs: Are RADIUS-assigned dynamic (GVRP-learned) VLANs supported for authenticated and unauthenticated client sessions on the switch? Yes or No

  • Auth Clients: Number of authorized clients

  • Unauth Clients: Number of unauthorized clients

  • Untagged VLAN: VLAN ID number of the untagged VLAN used in client sessions. If the switch supports MAC-based (untagged) VLANs, MAC-based is displayed to show that multiple untagged VLANs are configured for authentication sessions.

  • Tagged VLANs: Are tagged VLANs (statically configured or RADIUS-assigned) used for authenticated clients? Yes or No

  • Port CoS:
    • Yes – Client-specific CoS (Class of Service) values are applied to more than one authenticated client on the port.

    • No – No client-specific CoS values are applied to any authenticated client on the port.

    • <CoS value> – Numerical value of the CoS (802.1p priority) applied to inbound traffic from one authenticated client. For client-specific per-port CoS values, enter the show port-access web-based clients detailed command.

  • % In Limit: Inbound rate limit applied.

  • RADIUS ACL: Are RADIUS-assigned ACLs used for authenticated clients? Yes or No

  • Cntrl Dir: Direction in which flow of incoming and outgoing traffic is blocked on 802.1X-aware port that has not yet entered the authenticated state:
    • Both: Incoming and outgoing traffic is blocked on port until authentication occurs.

    • In: Only incoming traffic is blocked on port before authentication occurs. Outgoing traffic with unknown destination addresses is flooded on the unauthenticated 802.1X-aware port.

The show port-access authenticator command

HP Switch(config)# show port-access authenticator

Port Access Authenticator Status

Port-access authenticator activated [No] : Yes
Allow RADIUS-assigned dynamic (GVRP) VLANs [No] : Yes

     Auth    Unauth   Untagged Tagged           % In   RADIUS Cntrl
Port Clients Clients  VLAN     VLANs  Port COS  Limit  ACL    Dir
---- ------- -------- -------- ------ --------- ------ ------ -----
1    1       1        4006     Yes    77777777  No     Yes    both
2    2       0        MACbased No     No        No     Yes    both
3    4       0        1        Yes    No        No     No     both