show port-access authenticator
The port-access authenticator command
Syntax:
show port-access authenticator [port-list] [config|statistics|session-counters|vlan|clients]|[detailed]
If you enter the
show port-access authenticator
command without an optional value, the following configuration information is displayed for all switch ports, or specified ports, that are enabled for 802.1X port-access authentication:
Port-access authenticator activated: Are any switch ports configured to operate as 802.1X authenticators using the
aaa port-access authenticator
command?Yes
orNo
Allow RADIUS-assigned dynamic (GVRP) VLANs: Are RADIUS-assigned dynamic (GVRP-learned) VLANs supported for authenticated and unauthenticated client sessions on the switch?
Yes
orNo
Auth Clients: Number of authorized clients
Unauth Clients: Number of unauthorized clients
Untagged VLAN: VLAN ID number of the untagged VLAN used in client sessions. If the switch supports MAC-based (untagged) VLANs, MAC-based is displayed to show that multiple untagged VLANs are configured for authentication sessions.
Tagged VLANs: Are tagged VLANs (statically configured or RADIUS-assigned) used for authenticated clients?
Yes
orNo
- Port CoS:
Yes – Client-specific CoS (Class of Service) values are applied to more than one authenticated client on the port.
No – No client-specific CoS values are applied to any authenticated client on the port.
<CoS value> – Numerical value of the CoS (802.1p priority) applied to inbound traffic from one authenticated client. For client-specific per-port CoS values, enter the
show port-access web-based clients detailed
command.
% In Limit: Inbound rate limit applied.
RADIUS ACL: Are RADIUS-assigned ACLs used for authenticated clients? Yes or No
- Cntrl Dir: Direction in which flow of incoming and outgoing traffic is blocked on 802.1X-aware port that has not yet entered the authenticated state:
Both: Incoming and outgoing traffic is blocked on port until authentication occurs.
In: Only incoming traffic is blocked on port before authentication occurs. Outgoing traffic with unknown destination addresses is flooded on the unauthenticated 802.1X-aware port.
The show port-access authenticator command
switch(config)#show port-access authenticator Port Access Authenticator Status Port-access authenticator activated [No] : Yes Allow RADIUS-assigned dynamic (GVRP) VLANs [No] : Yes Auth Unauth Untagged Tagged % In RADIUS Cntrl Port Clients Clients VLAN VLANs Port COS Limit ACL Dir ---- ------- -------- -------- ------ --------- ------ ------ ----- 1 1 1 4006 Yes 77777777 No Yes both 2 2 0 MACbased No No No Yes both 3 4 0 1 Yes No No No both