Display the Current EAP-Based Security Status

Use the following procedure to display the status of the EAP-based security.

Procedure

  1. Enter Privileged EXEC mode:

    enable

  2. Display the current EAP-based security status:
    • show eapol auth-stats interface [gigabitEthernet {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}]

    • show eapol port {interface [gigabitEthernet {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}] | {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}}

    • show eapol session-stats interface [gigabitEthernet {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}]

    • show eapol sessions {eap | neap} [vlan <1-4059>] [{slot/port[/sub-port] [-slot/port[/sub-port]] [,...]} [verbose]

    • show eapol summary port [{slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}]

    • show eapol system

Examples

Switch:1>show eapol system
================================================================================
                                  Eapol System
================================================================================
                     eap : disabled
           Eapol Version : 3
         non-eap-pwd-fmt : mac-addr
     non-eap-pwd-fmt key : ******
 non-eap-pwd-fmt padding : disabled
 auto-isid-offset status : disabled
 auto-isid-offset value  : 1000
Switch:>enable
Switch:1#config terminal
Switch:1(config)#show eapol sessions eap verbose 
=================================================================================================
                                   Eap Oper Status Verbose
=================================================================================================
PORT    MAC               PAE           VLAN  PRI  Flex-UNI I-SID VLAN:I-SID ACL ACEs RADIUS DYNAMIC      
NUM                      STATUS          ID         Enable  SOURCE                      SETTINGS       
-------------------------------------------------------------------------------------------------
1/13  00:00:11:11:16:02  authenticated    111  1    false  n/a                      DHCPSNOOP, DAI
1/13  00:00:11:11:16:03  authenticated    111  1    false  n/a                         DHCPSNOOP
Switch:>enable
Switch:1#config terminal
Switch:1(config)#show eapol sessions neap verbose 
=================================================================================================
                                    Non-Eap Oper Status Verbose
=================================================================================================
PORT  MAC              STATE        VLAN PRI Flex-UNI I-SID   NON-EAP VLAN:I-SID ACL  ACEs RADIUS DYNAMIC           
NUM                                 ID       Enable   SOURCE   AUTH                        SETTINGS                 
-------------------------------------------------------------------------------------------------
1/15 00:00:00:00:00:15 authenticated 1     0  false   n/a      radius                    IPSG, DHCPSNOOP, DAI, IGMPSNOOP
1/15 00:00:00:00:00:16 authenticated 1     0  false   n/a      radius                    BPDU, SLPPGUARD, WOL, AN-ADVERTISEMENTS:100F
-------------------------------------------------------------------------------------------------
Total Number of NEAP Sessions: 2

Variable Definitions

The following table defines parameters for the show eapol command.

Variable

Value

auth-stats [gigabitEthernet {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}]

Displays the authentication statistics interface.

Note:

auth-stats [gigabitEthernet {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}] is useful only for EAP supplicants. The command output changes only when the EAP supplicant tries to access the network.

port {interface [gigabitEthernet {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}] | {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}}

Specifies the ports to display. If no port is entered, all ports are displayed.

session-stats interface [gigabitEthernet {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}]

Displays the authentication session statistics interface.

sessions {eap | neap} [vlan<1-4059>] [{slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}] [verbose]

Displays EAP and non-EAP authentication sessions on the port.

summary port[{slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}]

Displays EAP and NEAP clients.

system

Displays EAP settings.