Configuring Port-Based and User-Based Access Control (802.1X)
Displaying 802.1X Configuration, Statistics, and Counters
Syntax: show port-access authenticator [port-list]
[config | statistics | session-counters | vlan | clients]| detailed]
—Continued—
• Untagged VLAN: VLAN ID number of the untagged VLAN
used in client sessions. If the switch supports MAC-based
(untagged) VLANs, MACbased is displayed to show that
multiple untagged VLANs are configured for
authentication sessions.
• Tagged VLANs: Are tagged VLANs (statically configured or
RADIUS-assigned) used for authenticated clients?
Yes or No
• Port COS:
Yes - Client-specific CoS (Class of Service) values are
applied to more than one authenticated client on the port.
No - No client-specific CoS values are applied to any
authenticated client on the port.
<cos-value>- Numerical value of the CoS (802.1p
priority) applied to inbound traffic from one
authenticated client. For client-specific per-port CoS
values, enter the show port-access web-based clients detailed
command.
• Kbps In Limit: Indicates the ingress rate-limit assigned by
the RADIUS server to the port for traffic inbound from the
authenticated client. If there is no ingress rate-limit
assigned, then
Not Set appears in this field.
• RADIUS ACL: Are RADIUS-assigned ACLs used for
authenticated clients? Yes or No
• Cntrl Dir: Directions in which flow of incoming and
outgoing traffic is blocked on 802.1X-aware port that has
not yet entered the authenticated state:
Both: Incoming and outgoing traffic is blocked on port
until authentication occurs.
In: Only incoming traffic is blocked on port before
authentication occurs. Outgoing traffic with unknown
destination addresses is flooded on the unauthenticated
802.1X-aware port.
Information on ports not enabled for 802.1X port-access
authentication is not displayed.
12-54
