show dot1x
Use this command to display IEEE 802.1x port-based access control information.
Command Syntax
show dot1x
show dot1x all
show dot1x diagnostics interface IFNAME
show dot1x interface IFNAME
show dot1x sessionstatistics interface IFNAME
show dot1x statistics interface IFNAME
Parameters
all
Display all IEEE 802.1x port-based access control information.
diagnostics
Display diagnostics information.
IFNAME
Interface name.
sessionstatistics
Display the statistics for a session.
statistics
Display the statistics.
Command Mode
Exec mode and Privileged Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
The following is an output of this command displaying the state of the system.
#show dot1x
% 802.1x authentication enabled
% Radius server address: 192.168.1.1.1812
% Radius client address: dhcp128.mySite.com.12103
% Next radius message id: 0
The following is an output of this command displaying detailed information for all ports.
#show dot1x all
% 802.1x authentication enabled
% Radius server address: 192.168.1.1.1812
% Radius client address: dhcp128.mySite.com.12103
% Next radius message id: 0
% Dot1x info for interface eth1 - 3
% portEnabled: true - portControl: auto
% portStatus: unauthorized - currentId: 11
% reAuthenticate: disabled
% abort:F fail:F start:F timeout:F success:F
% PAE: state: connecting - portMode: auto
% PAE: reAuthCount: 2 - rxRespId: 0
% PAE: quietPeriod: 60 - reauthMax: 2 - txPeriod: 30
% BE: state: idle - reqCount: 0 - idFromServer: 0
% BE: suppTimeout: 30 - serverTimeout: 30 - maxReq: 2
% CD: adminControlledDirections: in - operControlledDirections: in
% CD: bridgeDetected: false
% KR: rxKey: false
% KT: keyAvailable: false - keyTxEnabled: false
The following tables describes the output of the show dot1x command.
Table 8-21: Port variables
Entry | Description |
|---|
portEnabled | Interface operational status (Up-true/down-false) |
portControl | Current control status of the port for 802.1x control |
portStatus | 802.1x status of the port (authorized/unauthorized) |
reAuthenticate | Reauthentication enabled/disabled status on port |
reAuthPeriod | Reauthentication period |
Table 8-22: Supplicant PAE related global variables
Entry | Description |
|---|
abort | Abort authentication when true |
fail | Failed authentication attempt when false |
start | Start authentication when true |
timeout | Authentication attempt timed out when true |
success | Authentication successful when true |
Table 8-23: 802.1x Operational state of interface
Entry | Description |
|---|
mode | Configured 802.1x mode |
reAuthCount | Reauthentication count |
quietperiod | Time between reauthentication attempts |
reAuthMax | Maximum reauthentication attempts |
Table 8-24: Backend authentication state machine variables and constants
Entry | Description |
|---|
state | State of the port. |
reqCount | Number of requests sent to server |
suppTimeout | Number of seconds the port waits for a response when relaying a request from the authentication server to the supplicant before resending the request. |
serverTimeout | Number of seconds the port waits for a reply when relaying a response from the supplicant to the authentication server before timing out. |
maxReq | Maximum number of times a request packet is retransmitted to the supplicant before the authentication session times out. |
Table 8-25: Controlled directions state machine
Entry | Description |
|---|
adminControlledDirections | Administrative value (Both/In) |
operControlledDirections | Operational Value (Both/In) |
Table 8-26: KR -- Key receive state machine
Entry | Description |
|---|
rxKey | True when EAPOL-Key message is received by supplicant or authenticator. false when key is transmitted |
Table 8-27: Key Transmit state machine
Entry | Description |
|---|
keyAvailable | False when key has been transmitted by authenticator, true when new key is available for key exchange |
keyTxEnabled | Key transmission enabled/disabled status |
Last modified date: 07/13/2023