show port-access authenticator clients

The show port-access authenticator clients command

Syntax:


show port-access authenticator clients [port-list]

Displays the session status, name, and address for each 802.1X port-access-authenticated client on the switch. Multiple authenticated clients may be displayed for the same port. The IP address displayed is taken from the DHCP binding table (learned through the DHCP Snooping feature).

  • If DHCP snooping is not enabled on the switch, n/a (not available) is displayed for a client IP address.

  • If an 802.1X-authenticated client uses an IPv6 address, n/a - IPv6 is displayed.

  • If DHCP snooping is enabled but no MAC-to-IP address binding for a client is found in the DHCP binding table, n/a - no info is displayed.

The show port-access authenticator clients command output

Switch (config)# show port-access authenticator clients

Port Access Authenticator Client Status

Port  Client Name MAC Address   IP Address      Session Status
----- ----------- ------------- --------------- --------------
1     webuser1    001321-eb8063 192.192.192.192 Authenticated
1     webuser2    001560-b3ea48 n/a - no info   Authenticating
1     webuser3    000000-111111 n/a - IPv6      Authenticating
3     webuser4    000000-111112 n/a             Authenticating

Syntax:


show port-access authenticator clients <port-list> detailed

Displays detailed information on the status of 802.1X-authenticated client sessions on specified ports, including the matches the switch detects for individual ACEs configured with the cnt (counter) option in an ACL assigned to the port by a RADIUS server.

Output for the show port-access authenticator clients detailed command

Switch (config)# show port-access authenticator clients 5 detailed

Port Access Authenticator Client Status Detailed

Client Base Details :
Port           : 5
Session Status : Open             Session Time(sec) : 999999999
Frames In      : 999999999        Frames Out        : 99999999
Username       : webuser1         MAC Address       : 001321-eb8063
IP             : 2001:fecd:ba23:cd1f:dcb1:1010:9234:4088

Access Policy Details :
COS Map        : 70000000                 In Limit %  : 87
Untagged VLAN  : 3096                     Out Limit % : 100
Tagged VLANs   : 1, 3, 5, 6, 334, 2066
RADIUS-ACL List :
  deny in udp from any to 10.2.8.233 CNT
     Hit Count: 10
  permit in udp from any to 10.2.8.233 CNT
     Hit Count: 17
  deny in tcp from any to 10.2.8.233 CNT
     Hit Count: 1
  permit in tcp from any to 10.2.8.233 CNT
     Hit Count: 11
  permit in ip from any to any cnt
     Hit Count: 42