HP ProCurve 9304M Security Manual page 109

The following is an example of the show interface command indicating the port's dynamically assigned VLAN.
Information about the dynamically assigned VLAN is shown in bold type.
ProCurveRS# show interface e 12/2
FastEthernet12/2 is up, line protocol is up
Hardware is FastEthernet, address is 0204.80a0.4681 (bia 0204.80a0.4681)
Configured speed auto, actual 100Mbit, configured duplex fdx, actual fdx
Member of L2 VLAN ID 2 (dot1x-RADIUS assigned), original L2 VLAN ID is 1,
port is untagged, port state is FORWARDING
STP configured to ON, priority is level0, flow control enabled
mirror disabled, monitor disabled
Not member of any active trunks
Not member of any configured trunks
No port name
MTU 1518 bytes
300 second input rate: 0 bits/sec, 0 packets/sec, 0.00% utilization
300 second output rate: 256 bits/sec, 0 packets/sec, 0.00% utilization
3 packets input, 192 bytes, 0 no buffer
Received 0 broadcasts, 0 multicasts, 3 unicasts
0 input errors, 0 CRC, 0 frame, 0 ignored
0 runts, 0 giants, DMA received 3 packets
919 packets output, 58816 bytes, 0 underruns
Transmitted 1 broadcasts, 916 multicasts, 2 unicasts
0 output errors, 0 collisions, DMA transmitted 919 packets
In this example, the 802.1X-enabled port has been moved from VLAN 1 to VLAN 2. When the client disconnects,
the port will be moved back to VLAN 1.
The show run command also indicates the VLAN to which the port has been dynamically assigned. The output
can differ depending on whether GARP VLAN Registration Protocol (GVRP) is enabled on the device:
• Without GVRP – When you enter the show run command, the output indicates that the port is a member of
the VLAN to which it was dynamically assigned through 802.1X. If you then enter the write memory
command, the VLAN to which the port is currently assigned becomes the port's default VLAN in the device's
configuration.
• With GVRP – When you enter the show run command, if the VLAN name supplied by the RADIUS server
corresponds to a VLAN learned through GVRP, then the output indicates that the port is a member of the
VLAN to which it was originally assigned (not the VLAN to which it was dynamically assigned).
If the VLAN name supplied by the RADIUS server corresponds to a statically configured VLAN, the output
indicates that the port is a member of the VLAN to which it was dynamically assigned through 802.1X. If you
then enter the write memory command, the VLAN to which the port is currently assigned becomes the port's
default VLAN in the device's configuration.
Displaying Information About Dynamically Applied MAC Filters and IP ACLs
You can display information about the user-defined and dynamically applied MAC filters and IP ACLs currently
active on the device.
Displaying User-Defined MAC Filters and IP ACLs
To display the user-defined MAC filters active on the device, enter the following command:
ProCurveRS# show dot1x mac-address-filter
Port 1/3 (User defined MAC Address Filter):
mac filter 1 permit any any
Syntax: show dot1x mac-address-filter
To display the user-defined IP ACLs active on the device, enter the following command:
June 2005
Configuring 802.1X Port Security
4 - 23