Display the Current EAP-Based Security Status
Use the following procedure to display the status of the EAP-based security.
Procedure
Examples
Switch:>enable Switch:1#config terminal Switch:1(config)#interface gigabitEthernet 1/2 Switch:1(config-if)#show eapol port 1/2 ================================================================================================================================ Eapol Configuration ================================================================================================================================ PORT STATUS OPER DYN Flex-UNI MAX QUIET NON-EAP LLDP-AUTH MAX MAX MAX ADMIN OPER TRAFFIC ORIGIN NUM MODE MHSA ENABLE REQ INTVL ENABLE ENABLE MAC EAP NEAP TRAFFIC TRAFFIC CONTROL CONTROL CONTROL ORIGIN ================================================================================================================================ 1/2 Auth MHMV false true 2 60 false false 2 2 2 in-out in-out CONFIG CONFIG -------------------------------------------------------------------------------------------------------------------------------- ================================================================================================================================ Eapol Configuration ================================================================================================================================ PORT REAUTH REAUTH REAUTH REAUTH GST GST FAIL FAIL COA ORIGIN NUM ENABLE ORIGIN PERIOD PERIOD VLAN I-SID VLAN I-SID ENABLE ORIGIN ================================================================================================================================ 1/2 false CONFIG 3600 CONFIG N/A N/A N/A N/A false CONFIG
Switch:>enable Switch:1#config terminal Switch:1(config)#show eapol sessions eap verbose ============================================================================================================ Eap Oper Status Verbose ============================================================================================================ PORT MAC PAE VLAN PRI Flex-UNI I-SID VLAN:I-SID ACL ACEs DYN RADIUS DYNAMIC NUM STATUS ID Enable SOURCE MHSA SETTINGS ----------------------------------------------------------------------------------------------------------- 1/13 00:00:11:11:16:02 authenticated 111 1 false n/a DHCPSNOOP, DAI 1/13 00:00:11:11:16:03 authenticated 111 1 false n/a DHCPSNOOP ============================================================================================================ ============================================================================================================ PORT MAC DYNAMIC VLAN ATTRIBUTES NUM CREATE PV SV I-SID EV VLAN NAME I-SID NAME MVPN I-SID ------------------------------------------------------------------------------------------------------------ 1/14 00:00:00:00:00:01 pvlan 301 3001 1301 0 v301 isid301 100
Switch:>enable Switch:1#config terminal Switch:1(config)#show eapol sessions neap verbose ==================================================================================================================================== Non-Eap Oper Status Verbose ==================================================================================================================================== PORT MAC STATE VLAN PRI Flex-UNI I-SID NON-EAP VLAN:I-SID ACL ACEs DYN RADIUS DYNAMIC NUM ID Enable SOURCE AUTH MHSA SETTINGS ------------------------------------------------------------------------------------------------------------------------------------ 1/15 00:00:00:00:00:15 authenticated 1 0 false n/a radius IPSG, DHCPSNOOP, DAI, IGMPSNOOP 1/15 00:00:00:00:00:16 authenticated 1 0 false n/a radius BPDU, SLPPGUARD, WOL, AN-ADVERTISEMENTS:100F ------------------------------------------------------------------------------------------------------------------------------------ Total Number of NEAP Sessions: 2 ===================================================================================================================================== ===================================================================================================================================== PORT MAC DYNAMIC VLAN ATTRIBUTES NUM CREATE PV SV I-SID EV VLAN NAME I-SID NAME MVPN I-SID ------------------------------------------------------------------------------------------------------------------------------------ 1/14 00:00:00:00:00:01 pvlan 301 3001 1301 0 v301 isid301 100
Switch:1>show eapol system ================================================================= Eapol System ================================================================= eap : disabled Eapol Version : 3 non-eap-pwd-fmt : mac-addr non-eap-pwd-fmt key : ****** non-eap-pwd-fmt padding : disabled auto-isid-offset status : disabled auto-isid-offset value : 1000
Variable Definitions
The following table defines parameters for the show eapol command.
Variable |
Value |
---|---|
auth-stats [gigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}] |
Displays the authentication statistics interface. Note:
auth-stats [gigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}] is useful only for EAP supplicants. The command output changes only when the EAP supplicant tries to access the network. |
port {interface [gigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}] | {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}} |
Specifies the ports to display. If no port is entered, all ports are displayed. |
session-stats interface [gigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}] |
Displays the authentication session statistics interface. |
sessions {eap | neap} [vlan<1-4059>] [{slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}] [verbose] |
Displays EAP and non-EAP authentication sessions on the port. |
summary port[{slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}] |
Displays EAP and NEAP clients. |
system |
Displays EAP settings. |