beautypg.com

Show eapol output details -18, Table 17‐43 – Enterasys Networks D-Series User Manual

Page 480

background image

show eapol

17-18

Security Configuration

Table 17-43

show eapol Output Details

Output Field

What It Displays...

Port

Port designation. For a detailed description of possible port-string values, refer to

Port String Syntax Used in the CLI

” on page 6-1.

Authentication State

Current EAPOL authentication state for each port. Possible internal states for the
authenticator (switch) are:

initialize: A port is in the initialize state when:

authentication is disabled,

authentication is enabled and the port is not linked, or

authentication is enabled and the port is linked. (In this case very
little time is spent in this state, it immediately transitions to the
connecting state, via disconnected.

disconnected: The port passes through this state on its way to connected
whenever the port is reinitialized, via link state change, reauthentication failure, or
management intervention.

connecting: While in this state, the authenticator sends request/ID messages to
the end user.

authenticating: The port enters this state from connecting after receiving a
response/ID from the end user. It remains in this state until the entire
authentication exchange between the end user and the authentication server
completes.

authenticated: The port enters this state from authenticating state after the
exchange completes with a favorable result. It remains in this state until linkdown,
logoff, or until a reauthentication begins.

aborting: The port enters this state from authenticating when any event occurs
that interrupts the login exchange.

held: After any login failure the port remains in this state for the number of
seconds equal to quietPeriod (can be set using MIB).

forceAuth: Management is allowing normal, unsecured switching on this port.

forceUnauth: Management is preventing any frames from being forwarded to or
from this port.

Authentication Mode Mode enabling network access for each port. Modes include:

Auto: Frames are forwarded according to the authentication state of each port.

Forced Authorized Mode: Meant to disable authentication on a port. It is
intended for ports that support ISLs and devices that cannot authenticate, such
as printers and file servers. If a default policy is applied to the port via the policy
profile MIB, then frames are forwarded according to the configuration set by that
policy, otherwise frames are forwarded according to the current configuration for
that port. Authentication using 802.1X is not possible on a port in this mode.

Forced Unauthorized Mode: All frames received on the port are discarded by a
filter. Authentication using 802.1X is not possible on a port in this mode.