Display the Current EAP-Based Security Status
Use the following procedure to display the status of the EAP-based security.
Procedure
Examples
Switch:>enable Switch:1#config terminal Switch:1(config)#interface gigabitEthernet 1/2 Switch:1(config-if)#show eapol port 1/2 ================================================================================================================================ Eapol Configuration ================================================================================================================================ PORT STATUS OPER DYN Flex-UNI MAX QUIET NON-EAP LLDP-AUTH MAX MAX MAX ADMIN OPER TRAFFIC ORIGIN NUM MODE MHSA ENABLE REQ INTVL ENABLE ENABLE MAC EAP NEAP TRAFFIC TRAFFIC CONTROL CONTROL CONTROL ORIGIN ================================================================================================================================ 1/2 Auth MHMV false true 2 60 false false 2 2 2 in-out in-out CONFIG CONFIG -------------------------------------------------------------------------------------------------------------------------------- ================================================================================================ Eapol Configuration ================================================================================================ PORT REAUTH REAUTH REAUTH REAUTH GST GST FAIL FAIL COA ORIGIN NUM ENABLE ORIGIN PERIOD PERIOD VLAN I-SID VLAN I-SID ENABLE ORIGIN ================================================================================================ 1/2 false CONFIG 3600 CONFIG N/A N/A N/A N/A false CONFIG ------------------------------------------------------------------------------------------------
Switch:>enable Switch:1#config terminal Switch:1(config)#show eapol sessions eap verbose ============================================================================================================ Eap Oper Status Verbose ============================================================================================================ PORT MAC PAE VLAN PRI Flex-UNI I-SID VLAN:I-SID ACL ACEs DYN RADIUS DYNAMIC NUM STATUS ID Enable SOURCE MHSA SETTINGS ------------------------------------------------------------------------------------------------- 1/13 00:00:11:11:16:02 authenticated 111 1 false n/a DHCPSNOOP, DAI 1/13 00:00:11:11:16:03 authenticated 111 1 false n/a DHCPSNOOP ================================================================================================= ================================================================================================= PORT MAC DYNAMIC VLAN ATTRIBUTES NUM CREATE PV SV VNI EV VN VNIN 1/14 00:00:00:00:00:01 pvlan 301 3001 1301 0 v301 isid301
Switch:>enable Switch:1#config terminal Switch:1(config)#show eapol sessions neap verbose ================================================================================================================ Non-Eap Oper Status Verbose ================================================================================================================ PORT MAC STATE VLAN PRI Flex-UNI I-SID NON-EAP VLAN:I-SID ACL ACEs DYN RADIUS DYNAMIC NUM ID Enable SOURCE AUTH MHSA SETTINGS ---------------------------------------------------------------------------------------------------------------- 1/15 00:00:00:00:00:15 authenticated 1 0 false n/a radius IPSG, DHCPSNOOP, DAI, IGMPSNOOP 1/15 00:00:00:00:00:16 authenticated 1 0 false n/a radius BPDU, SLPPGUARD, WOL, AN-ADVERTISEMENTS:100F ----------------------------------------------------------------------------------------------------------------- Total Number of NEAP Sessions: 2 ================================================================================================= ================================================================================================= PORT MAC DYNAMIC VLAN ATTRIBUTES NUM CREATE PV SV VNI EV VN VNIN 1/14 00:00:00:00:00:01 pvlan 301 3001 1301 0 v301 isid301
Switch:1>show eapol system ================================================================================ Eapol System ================================================================================ eap : disabled Eapol Version : 3 non-eap-pwd-fmt : mac-addr non-eap-pwd-fmt key : ****** non-eap-pwd-fmt padding : disabled auto-isid-offset status : disabled auto-isid-offset value : 1000
Variable Definitions
The following table defines parameters for the show eapol command.
Variable |
Value |
---|---|
auth-stats [gigabitEthernet {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}] |
Displays the authentication statistics interface. Note:
auth-stats [gigabitEthernet {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}] is useful only for EAP supplicants. The command output changes only when the EAP supplicant tries to access the network. |
port {interface [gigabitEthernet {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}] | {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}} |
Specifies the ports to display. If no port is entered, all ports are displayed. |
session-stats interface [gigabitEthernet {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}] |
Displays the authentication session statistics interface. |
sessions {eap | neap} [vlan<1-4059>] [{slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}] [verbose] |
Displays EAP and non-EAP authentication sessions on the port. |
summary port[{slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}] |
Displays EAP and NEAP clients. |
system |
Displays EAP settings. |