Display the Current EAP-Based Security Status

Use the following procedure to display the status of the EAP-based security.

Procedure

  1. Enter Privileged EXEC mode:

    enable

  2. Display the current EAP-based security status:
    • show eapol auth-stats interface [gigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}]

    • show eapol port {interface [gigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}] | {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}}

    • show eapol session-stats interface [gigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}]

    • show eapol sessions {eap | neap} [vlan <1-4059>] [{slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]} [verbose]

    • show eapol summary port [{slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}]

    • show eapol system

    • show eapol sessions eap verbose

    • show eapol sessions neap verbose

Examples

Switch:>enable
Switch:1#config terminal
Switch:1(config)#interface gigabitEthernet 1/2
Switch:1(config-if)#show eapol port 1/2

================================================================================================================================
                         Eapol Configuration
================================================================================================================================
PORT  STATUS  OPER  DYN   Flex-UNI  MAX  QUIET  NON-EAP  LLDP-AUTH  MAX  MAX  MAX   ADMIN    OPER     TRAFFIC         ORIGIN
NUM           MODE  MHSA  ENABLE    REQ  INTVL  ENABLE   ENABLE     MAC  EAP  NEAP  TRAFFIC  TRAFFIC  CONTROL
                                                                                    CONTROL  CONTROL  ORIGIN
================================================================================================================================
1/2   Auth    MHMV  false true      2    60     false    false      2    2    2     in-out   in-out   CONFIG          CONFIG
--------------------------------------------------------------------------------------------------------------------------------
================================================================================================================================
                 Eapol Configuration
================================================================================================================================
PORT  REAUTH  REAUTH      REAUTH  REAUTH      GST   GST       FAIL  FAIL      COA     ORIGIN
NUM   ENABLE  ORIGIN      PERIOD  PERIOD      VLAN  I-SID     VLAN  I-SID     ENABLE
                                  ORIGIN                                                       
================================================================================================================================
1/2   false   CONFIG      3600    CONFIG      N/A   N/A       N/A   N/A       false   CONFIG
Switch:>enable
Switch:1#config terminal
Switch:1(config)#show eapol sessions eap verbose 
============================================================================================================
                                   Eap Oper Status Verbose
============================================================================================================
PORT    MAC               PAE           VLAN  PRI  Flex-UNI I-SID VLAN:I-SID ACL ACEs DYN    RADIUS DYNAMIC      
NUM                      STATUS          ID         Enable  SOURCE                    MHSA   SETTINGS       
-----------------------------------------------------------------------------------------------------------
1/13  00:00:11:11:16:02  authenticated    111  1    false  n/a                               DHCPSNOOP, DAI
1/13  00:00:11:11:16:03  authenticated    111  1    false  n/a                               DHCPSNOOP


============================================================================================================
============================================================================================================
PORT  MAC             DYNAMIC VLAN ATTRIBUTES
NUM                     CREATE PV  SV   I-SID  EV  VLAN NAME I-SID NAME  MVPN I-SID
------------------------------------------------------------------------------------------------------------
1/14  00:00:00:00:00:01 pvlan  301 3001 1301   0   v301      isid301     100 
Switch:>enable
Switch:1#config terminal
Switch:1(config)#show eapol sessions neap verbose 
====================================================================================================================================
                                    Non-Eap Oper Status Verbose
====================================================================================================================================
PORT  MAC              STATE        VLAN PRI Flex-UNI I-SID   NON-EAP VLAN:I-SID ACL  ACEs DYN    RADIUS DYNAMIC           
NUM                                 ID       Enable   SOURCE   AUTH                        MHSA    SETTINGS                 
------------------------------------------------------------------------------------------------------------------------------------
1/15 00:00:00:00:00:15 authenticated 1     0  false   n/a      radius                           IPSG, DHCPSNOOP, DAI, IGMPSNOOP
1/15 00:00:00:00:00:16 authenticated 1     0  false   n/a      radius                    BPDU, SLPPGUARD, WOL, AN-ADVERTISEMENTS:100F
------------------------------------------------------------------------------------------------------------------------------------
Total Number of NEAP Sessions: 2
=====================================================================================================================================
=====================================================================================================================================
PORT  MAC             DYNAMIC VLAN ATTRIBUTES
NUM                   CREATE   PV  SV   I-SID    EV VLAN NAME I-SID NAME  MVPN I-SID    
------------------------------------------------------------------------------------------------------------------------------------
1/14  00:00:00:00:00:01 pvlan  301 3001 1301     0  v301      isid301     100  
Switch:1>show eapol system
=================================================================
                                  Eapol System
=================================================================
                     eap : disabled
           Eapol Version : 3
         non-eap-pwd-fmt : mac-addr
     non-eap-pwd-fmt key : ******
 non-eap-pwd-fmt padding : disabled
 auto-isid-offset status : disabled
 auto-isid-offset value  : 1000

Variable Definitions

The following table defines parameters for the show eapol command.

Variable

Value

auth-stats [gigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}]

Displays the authentication statistics interface.

Note:

auth-stats [gigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}] is useful only for EAP supplicants. The command output changes only when the EAP supplicant tries to access the network.

port {interface [gigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}] | {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}}

Specifies the ports to display. If no port is entered, all ports are displayed.

session-stats interface [gigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}]

Displays the authentication session statistics interface.

sessions {eap | neap} [vlan<1-4059>] [{slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}] [verbose]

Displays EAP and non-EAP authentication sessions on the port.

summary port[{slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}]

Displays EAP and NEAP clients.

system

Displays EAP settings.