Configuring Port-Based and User-Based Access Control (802.1X)
Displaying 802.1X Configuration, Statistics, and Counters
Access Control Port’s authentication mode:
Auto: Network access is allowed to any connected device that supports 802.1X
authentication and provides valid 802.1X credentials.
Authorized: Network access is allowed to any device connected to the port,
regardless of whether it meets 802.1X criteria.
Unauthorized: Network access is blocked to any device connected to the port,
regardless of whether the device meets 802.1X criteria.
Max reqs Number of authentication attempts that must time-out before authentication fails and
the authentication session ends.
Quiet Period Period of time (in seconds) during which the port does not try to acquire a supplicant.
TX Timeout Period of time (in seconds) that the port waits to retransmit the next EAPOL PDU
during an authentication session.
Supplicant Timeout Period of time (in seconds) that the switch waits for a supplicant response to an EAP
request.
Server Timeout Period of time (in seconds) that the switch waits for a server response to an
authentication request.
Cntrl Dir Directions in which flow of incoming and outgoing traffic is blocked on 802.1X-aware
port that has not yet entered the authenticated state:
Both: Incoming and outgoing traffic is blocked on port until authentication occurs.
In: Only incoming traffic is blocked on port before authentication occurs. Outgoing
traffic with unknown destination addresses is flooded on the unauthenticated
802.1X-aware port.
Syntax: show port-access authenticator statistics [port-list]
Displays statistical information for all switch ports or spec-
ified ports that are enabled as 802.1X authenticators, includ-
ing:
• Whether port-access authentication is enabled
• Whether RADIUS-assigned dynamic VLANs are supported
• 802.1X supplicant’s MAC address as determined by the
content of the last EAPOL frame received on the port
• 802.1X traffic statistics from received and transmitted
packets
802.1X configuration information for ports that are not
enabled as an 802.1X authenticators is not displayed.
12-57
