Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Syntax: show dot1x config ethernet port

Displaying 802.1X multiple-host authentication information

You can display the following information about 802.1X multiple-host authentication:

• The dot1x-mac-sessions on each port
• The number of users connected on each port in a 802.1X multiple-host configuration

Displaying information about the dot1x MAC sessions on each port

The show dot1x mac-session command displays information about the dot1x-mac-sessions on each
port on the device. The output also shows the authenticator PAE state.

device#show dot1x mac-session

Port MAC/IP(username) Vlan Auth ACL Age PAE

State State

-----------------------------------------------------------------------------

4/1/12 0044.0002.0002 :user1 10 permit none Ena AUTHENTICATED

4/1/12 0044.0002.0003 :user2 10 permit none Ena AUTHENTICATED

Syntax: show dot1x mac-session

The following table lists the new fields in the display.

Output from the show dot1x mac-session command

TABLE 19

Field

Description

Port

The port on which the dot1x-mac-session exists.

MAC/IP
(username)

The MAC address of the Client and the username used for RADIUS authentication.

Vlan

The VLAN to which the port is currently assigned.

Auth-State

The authentication state of the dot1x-mac-session. This can be one of the following

permit - The Client has been successfully authenticated, and traffic from the Client is being
forwarded normally.

blocked - Authentication failed for the Client, and traffic from the Client is being dropped in
hardware.

restricted - Authentication failed for the Client, but traffic from the Client is allowed in the
restricted VLAN only.

init - The Client is in is in the process of 802.1X authentication, or has not started the
authentication process.

Age

The software age of the dot1x-mac-session.

Displaying 802.1X multiple-host authentication information

FastIron Ethernet Switch Security Configuration Guide

209

53-1003088-03