Chapter 8
| Authentication Commands
802.1X Port Authentication
Max Request – Maximum number of times a port will retransmit an EAP
■
request/identity packet to the client before it times out the authentication
session
(page
259).
Operation Mode– Shows if single or multiple hosts (clients) can connect to
■
an 802.1X-authorized port.
Port Control–Shows the dot1x mode on a port as auto, force-authorized, or
■
force-unauthorized
Intrusion Action– Shows the port response to intrusion when
■
authentication fails
Supplicant– MAC address of authorized client.
■
◆
Authenticator PAE State Machine
State – Current state (including initialize, disconnected, connecting,
■
authenticating, authenticated, aborting, held, force_authorized,
force_unauthorized).
Reauth Count– Number of times connecting state is re-entered.
■
Current Identifier– The integer (0-255) used by the Authenticator to identify
■
the current authentication session.
◆
Backend State Machine
State – Current state (including request, response, success, fail, timeout,
■
idle, initialize).
Request Count– Number of EAP Request packets sent to the Supplicant
■
without receiving a response.
Identifier (Server)– Identifier carried in the most recent EAP Success, Failure
■
or Request packet received from the Authentication Server.
◆
Reauthentication State Machine
State – Current state (including initialize, reauthenticate).
Example
Console#show dot1x
Global 802.1X Parameters
System Auth Control
Authenticator Parameters:
EAPOL Pass Through
802.1X Port Summary
Port
Type
-------- ------------- -------------- ------------------ ----------
Eth 1/ 1 Disabled
Eth 1/ 2 Disabled
.
.
.
Eth 1/27 Disabled
Eth 1/28 Enabled
802.1X Port Details
802.1X Authenticator is enabled on port 1/1
802.1X Supplicant is disabled on port 1/1
(page
261).
(page
258).
: Enabled
: Disabled
Operation Mode Control Mode
Single-Host
Force-Authorized
Single-Host
Force-Authorized
Single-Host
Force-Authorized
Single-Host
Auto
– 266 –
Authorized
Yes
Yes
Yes
Yes