Display the Current EAP-Based Security Status
Use the following procedure to display the status of the EAP-based security.
Procedure
Examples
Switch:>enable
Switch:1#config terminal
Switch:1(config)#interface gigabitEthernet 1/2
Switch:1(config-if)#show eapol port 1/2
================================================================================================================================
Eapol Configuration
================================================================================================================================
PORT STATUS OPER DYN Flex-UNI MAX QUIET NON-EAP LLDP-AUTH MAX MAX MAX ADMIN OPER TRAFFIC ORIGIN
NUM MODE MHSA ENABLE REQ INTVL ENABLE ENABLE MAC EAP NEAP TRAFFIC TRAFFIC CONTROL
CONTROL CONTROL ORIGIN
================================================================================================================================
1/2 Auth MHMV false true 2 60 false false 2 2 2 in-out in-out CONFIG CONFIG
--------------------------------------------------------------------------------------------------------------------------------
================================================================================================================================
Eapol Configuration
================================================================================================================================
PORT REAUTH REAUTH REAUTH REAUTH GST GST FAIL FAIL COA ORIGIN
NUM ENABLE ORIGIN PERIOD PERIOD VLAN I-SID VLAN I-SID ENABLE
ORIGIN
================================================================================================================================
1/2 false CONFIG 3600 CONFIG N/A N/A N/A N/A false CONFIG
Switch:>enable
Switch:1#config terminal
Switch:1(config)#show eapol sessions eap verbose
============================================================================================================
Eap Oper Status Verbose
============================================================================================================
PORT MAC PAE VLAN PRI Flex-UNI I-SID VLAN:I-SID ACL ACEs DYN RADIUS DYNAMIC
NUM STATUS ID Enable SOURCE MHSA SETTINGS
-----------------------------------------------------------------------------------------------------------
1/13 00:00:11:11:16:02 authenticated 111 1 false n/a DHCPSNOOP, DAI
1/13 00:00:11:11:16:03 authenticated 111 1 false n/a DHCPSNOOP
============================================================================================================
============================================================================================================
PORT MAC DYNAMIC VLAN ATTRIBUTES
NUM CREATE PV SV I-SID EV VLAN NAME I-SID NAME MVPN I-SID
------------------------------------------------------------------------------------------------------------
1/14 00:00:00:00:00:01 pvlan 301 3001 1301 0 v301 isid301 100
Switch:>enable
Switch:1#config terminal
Switch:1(config)#show eapol sessions neap verbose
====================================================================================================================================
Non-Eap Oper Status Verbose
====================================================================================================================================
PORT MAC STATE VLAN PRI Flex-UNI I-SID NON-EAP VLAN:I-SID ACL ACEs DYN RADIUS DYNAMIC
NUM ID Enable SOURCE AUTH MHSA SETTINGS
------------------------------------------------------------------------------------------------------------------------------------
1/15 00:00:00:00:00:15 authenticated 1 0 false n/a radius IPSG, DHCPSNOOP, DAI, IGMPSNOOP
1/15 00:00:00:00:00:16 authenticated 1 0 false n/a radius BPDU, SLPPGUARD, WOL, AN-ADVERTISEMENTS:100F
------------------------------------------------------------------------------------------------------------------------------------
Total Number of NEAP Sessions: 2
=====================================================================================================================================
=====================================================================================================================================
PORT MAC DYNAMIC VLAN ATTRIBUTES
NUM CREATE PV SV I-SID EV VLAN NAME I-SID NAME MVPN I-SID
------------------------------------------------------------------------------------------------------------------------------------
1/14 00:00:00:00:00:01 pvlan 301 3001 1301 0 v301 isid301 100
Switch:1>show eapol system
=================================================================
Eapol System
=================================================================
eap : disabled
Eapol Version : 3
non-eap-pwd-fmt : mac-addr
non-eap-pwd-fmt key : ******
non-eap-pwd-fmt padding : disabled
auto-isid-offset status : disabled
auto-isid-offset value : 1000
Variable Definitions
The following table defines parameters for the show eapol command.
|
Variable |
Value |
|---|---|
|
auth-stats [gigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}] |
Displays the authentication statistics interface. Note:
auth-stats [gigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}] is useful only for EAP supplicants. The command output changes only when the EAP supplicant tries to access the network. |
|
port {interface [gigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}] | {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}} |
Specifies the ports to display. If no port is entered, all ports are displayed. |
|
session-stats interface [gigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}] |
Displays the authentication session statistics interface. |
|
sessions {eap | neap} [vlan<1-4059>] [{slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}] [verbose] |
Displays EAP and non-EAP authentication sessions on the port. |
|
summary port[{slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}] |
Displays EAP and NEAP clients. |
|
system |
Displays EAP settings. |