Configuring Port-Based and User-Based Access Control (802.1X)

Displaying 802.1X Configuration, Statistics, and Counters

Table 10-3. Field Descriptions of show port-access authenticator config Command Output (Figure 10-11)

Field

Description

Port-access

Whether 802.1X authentication is enabled or disabled on specified port(s).

authenticator activated

 

Port

Port number on switch.

Re-auth Period

Period of time (in seconds) after which clients connected to the port need to be re-

 

authenticated.

Access Control

Port’s authentication mode:

 

Auto: Network access is allowed to any connected device that supports 802.1X

 

authentication and provides valid 802.1X credentials.

 

Authorized: Network access is allowed to any device connected to the port,

 

regardless of whether it meets 802.1X criteria.

 

Unauthorized: Network access is blocked to any device connected to the port,

 

regardless of whether the device meets 802.1X criteria.

Max reqs

Number of authentication attempts that must time-out before authentication fails and

 

the authentication session ends.

Quiet Period

Period of time (in seconds) during which the port does not try to acquire a supplicant.

TX Timeout

Period of time (in seconds) that the port waits to retransmit the next EAPOL PDU

 

during an authentication session.

Supplicant Timeout

Period of time (in seconds) that the switch waits for a supplicant response to an EAP

 

request.

Server Timeout

Period of time (in seconds) that the switch waits for a server response to an

 

authentication request.

Cntrl Dir

Directions in which flow of incoming and outgoing traffic is blocked on 802.1X-aware

 

port that has not yet entered the authenticated state:

 

Both: Incoming and outgoing traffic is blocked on port until authentication occurs.

 

In: Only incoming traffic is blocked on port before authentication occurs. Outgoing

 

traffic with unknown destination addresses is flooded on the unauthenticated

 

802.1X-aware port.

 

 

10-54