Various show commands can be used to display the following 802.1x-related information:
Enter the show dot1x command to display the overall state of 802.1X authentication on the system.
device# show dot1x 802.1X Port-Based Authentication: Enabled PAE Capability: Authenticator Only Protocol Version: 2 Auth Server: RADIUS Readiness test timeout: 10 RADIUS Configuration -------------------- Position: 1 Server Address: 10.24.65.6 Port: 1812 Secret: xxxxxxxxx Retry Interval: 5 seconds
Enter the show dot1x all command to display detailed 802.1X authentication information for all of the ports.
device# show dot1x all 802.1X Port-Based Authentication: Enabled PAE Capability: Authenticator Only Protocol Version: 2 Auth Server: RADIUS Readiness test timeout: 10 RADIUS Configuration -------------------- Position: 1 Server Address: 10.20.106.144 Port: 1812 Secret: testing123 Retry Interval: 4 seconds Position: 2 Server Address: 10.20.106.189 Port: 1812 Secret: testing123 Retry Interval: 4 seconds 802.1X info for interface Eth 1/31 --------------------------------- Port Control: Auto Protocol Version: 2 ReAuthentication: Enabled Auth Fail Max Attempts: 0 ReAuth Max: 2 Tx Period: 30 seconds Quiet Period: 60 seconds Supplicant Timeout: 30 seconds Re-Auth Interval: 3600 seconds Dynamic VLAN assigned: 50 Filter-strict-security: Enabled IP ACL assigned (IN|OUT): IPEXT-50 | IPEXT-OUT-50 MAC ACL assigned: mac-ext
Enter the show dot1x diagnostics interface command to display all diagnostics information for the authenticator associated with a port.
device# show dot1x diagnostics interface ethernet 1/2 802.1X Diagnostics for interface Eth 1/2 ---------------------------------------- authEnterConnecting: 1 authEaplogoffWhileConnecting: 0 authEnterAuthenticating: 1 authSuccessWhileAuthenticating: 1 authTimeoutWhileAuthenticating: 0 authFailWhileAuthenticating: 0 authEapstartWhileAuthenticating: 0 authEaplogoffWhileAuthenticating: 0 authReauthsWhileAuthenticated: 0 authEapstartWhileAuthenticated: 0 authEaplogoffWhileAuthenticated: 0 BackendResponses: 11 BackendAccessChallenges: 10 BackendOtherrequestToSupplicant: 11 BackendAuthSuccess: 1 BackendAuthFails: 0
Enter the show dot1x interface command to display state of a specified interface.
show dot1x interface ethernet 1/31 802.1X info for interface Eth 1/31 --------------------------------- Port Control: Auto Protocol Version: 2 ReAuthentication: Enabled Auth Fail Max Attempts: 0 ReAuth Max: 2 Tx Period: 30 seconds Quiet Period: 60 seconds Supplicant Timeout: 30 seconds Server Timeout: 30 seconds Re-Auth Interval: 3600 seconds Dynamic VLAN assigned: 50 Filter-strict-security: Enabled IP ACL assigned (IN|OUT): IPEXT-50 | IPEXT-OUT-50 MAC ACL assigned: mac-ext
Enter the show dot1x session-info interface command to display information for all clients on the port .
device# show dot1x session-info interface ethernet 1/2 802.1X Session info for interface Eth 1/2 ----------------------------------------- Mac Address: 0021.5ec6.15ce ----------------------------------------- User Name: md5user2 Session Time: 2 secs Terminate Cause: Not terminated yet Session Status: Authorized PAE State: Authenticated BE State: Idle VLAN: N/A IP ACL (IN | OUT): N/A | N/A MAC ACL: N/A Current Id: 18 Id From Server: 17
Enter the show dot1x statistics interface command to display the statistics of a specified interface.
device# show dot1x statistics interface ethernet 1/2 802.1X statistics for interface Eth 1/2 --------------------------------------- EAPOL Frames Rx: 12 EAPOL Frames Tx: 43 EAPOL Start Frames Rx: 1 EAPOL Logoff Frames Rx: 0 EAP Rsp/Id Frames Rx: 1 EAP Response Frames Rx: 10 EAP Req/Id Frames Tx: 23 EAP Request Frames Tx: 10 Invalid EAPOL Frames Rx: 0 EAPOL Length Error Frames Rx: 0 EAPOL Last Frame Version Rx: 1 Invalid EAP Frames Rx: 0 EAP Length Error Frames Rx: 0 EAPOL Last Frame Src: 0021.5ec6.15ce