Configuring Port-Based and User-Based Access Control (802.1X)

Displaying 802.1X Configuration, Statistics, and Counters

Show Commands for Port-Access Supplicant

Syntax: show port-access supplicant [< port-list>] [statistics] show port-access supplicant [< port-list>]

Shows the port-access supplicant configuration (excluding the secret parameter) for all ports or < port- list > ports configured on the switch as supplicants. The Supplicant State can include the following:

Connecting - Starting authentication.

Authenticated - Authentication completed (regardless of whether the attempt was successful).

Acquired - The port received a request for identification from an authenticator. Authenticating - Authentication is in progress. Held - Authenticator sent notice of failure. The supplicant port is waiting for the authenticator’s held-period (page 10-49).

For descriptions of the supplicant parameters, refer to “Configuring a Supplicant Switch Port” on page 10-49.

show port-access supplicant [< port-list>] statistics

Shows the port-access statistics and source MAC address(es) for all ports or < port-list> ports configured on the switch as supplicants. See the “Note on Supplicant Statistics”, below.

Note on Supplicant Statistics. For each port configured as a supplicant, show port-access supplicant statistics < port-list>] displays the source MAC address and statistics for transactions with the authenticator device most recently detected on the port. If the link between the supplicant port and the authenticator device fails, the supplicant port continues to show data received from the connection to the most recent authenticator device until one of the following occurs:

The supplicant port detects a different authenticator device.

You use the aaa port-access supplicant < port-list> clear-statistics command to clear the statistics for the supplicant port.

The switch reboots.

Thus, if the supplicant’s link to the authenticator fails, the supplicant retains the transaction statistics it most recently received until one of the above events occurs. Also, if you move a link with an authenticator from one

10-64