show eapol

Table 26-2 show eapol Output Details

Output Field

What It Displays...

 

 

Port

Port designation. For a detailed description of possible port-stringvalues, refer to

 

Port String Syntax Used in the CLI” on page 7-1.

 

 

Authentication State

Current EAPOL authentication state for each port. Possible internal states for the

 

authenticator (switch) are:

 

initialize: A port is in the initialize state when:

 

– authentication is disabled,

 

– authentication is enabled and the port is not linked, or

 

– authentication is enabled and the port is linked. (In this case very

 

little time is spent in this state, it immediately transitions to the

 

connecting state, via disconnected.

 

disconnected: The port passes through this state on its way to connected

 

whenever the port is reinitialized, via link state change, reauthentication failure, or

 

management intervention.

 

connecting: While in this state, the authenticator sends request/ID messages to

 

the end user.

 

authenticating: The port enters this state from connecting after receiving a

 

response/ID from the end user. It remains in this state until the entire

 

authentication exchange between the end user and the authentication server

 

completes.

 

authenticated: The port enters this state from authenticating state after the

 

exchange completes with a favorable result. It remains in this state until linkdown,

 

logoff, or until a reauthentication begins.

 

aborting: The port enters this state from authenticating when any event occurs

 

that interrupts the login exchange.

 

held: After any login failure the port remains in this state for the number of

 

seconds equal to quietPeriod (can be set using MIB).

 

forceAuth: Management is allowing normal, unsecured switching on this port.

 

forceUnauth: Management is preventing any frames from being forwarded to or

 

from this port.

Authentication Mode Mode enabling network access for each port. Modes include:

Auto: Frames are forwarded according to the authentication state of each port.

Forced Authorized Mode: Meant to disable authentication on a port. It is intended for ports that support ISLs and devices that cannot authenticate, such as printers and file servers. If a default policy is applied to the port via the policy profile MIB, then frames are forwarded according to the configuration set by that policy, otherwise frames are forwarded according to the current configuration for that port. Authentication using 802.1X is not possible on a port in this mode.

Forced Unauthorized Mode: All frames received on the port are discarded by a filter. Authentication using 802.1X is not possible on a port in this mode.

26-22 Authentication and Authorization Configuration

Page 768
Image 768
Enterasys Networks 9034313-07 manual Show eapol Output Details, Connecting state, via disconnected