Cisco ios software router, Cisco ios software switch – IBM Tivoli and Cisco User Manual

Building a Network Access Control Solution with IBM Tivoli and Cisco Systems

Cisco IOS Software router

On a Cisco router running Cisco IOS Software, these commands are useful for
debugging:

show eou                      Shows EoU (EAP over UDP) settings, including
                              polling cycle timeouts.

show eou all                  Shows current EoU cache data.

eou logging                   Turns on EoU logging output.

eou reval ip xx.xx.xx.xx      Forces immediate revalidation of the client
                              with IP address xx.xx.xx.xx.

clear ip admission cache *    Clears the IP admission cache for all clients
                              (forced revalidation of all clients).

Cisco IOS Software switch

For Cisco switches configured for IP-based NAC, the commands listed in the
preceding section apply to both a router and a switch. For 802.1x-based NAC, a
useful command is the following. (NAC values are in bold at the bottom of the
output.)

show dot1x interface (interface) details

Dot1x Info for FastEthernet1/0/10
-----------------------------------
PAE               = AUTHENTICATOR
PortControl       = AUTO
ControlDirection  = Both
HostMode          = SINGLE_HOST
ReAuthentication  = Enabled
QuietPeriod       = 60
ServerTimeout     = 30
SuppTimeout       = 30
ReAuthPeriod      = (From Authentication Server)
ReAuthMax         = 2
MaxReq            = 2
TxPeriod          = 30
RateLimitPeriod   = 0

Dot1x Authenticator Client List
-------------------------------
Supplicant        = 000c.2929.25cd
Auth SM State     = AUTHENTICATED
Auth BEND SM Stat = IDLE
Port Status       = AUTHORIZED
ReAuthPeriod      = 60
ReAuthAction      = Reauthenticate
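
When many ports have to be checked, the output above can be parsed and tested instead of read by eye. The following is an added example, not part of the original manual: the function names and the three checks in nac_findings are assumptions about what an operator would want flagged, and the sample text is abridged from the output shown on this page.

```python
import re

# Abridged copy of the "show dot1x interface ... details" output on this page.
SAMPLE = """\
Dot1x Info for FastEthernet1/0/10
-----------------------------------
PAE               = AUTHENTICATOR
PortControl       = AUTO
ReAuthentication  = Enabled
ReAuthPeriod      = (From Authentication Server)
Dot1x Authenticator Client List
-------------------------------
Supplicant        = 000c.2929.25cd
Auth SM State     = AUTHENTICATED
Auth BEND SM Stat = IDLE
Port Status       = AUTHORIZED
ReAuthPeriod      = 60
"""

def parse_dot1x_details(text):
    """Split the output into port settings and per-supplicant entries."""
    info = {"interface": None, "port": {}, "clients": []}
    in_clients = False
    for line in map(str.strip, text.splitlines()):
        header = re.match(r"Dot1x Info for (\S+)", line)
        if header:
            info["interface"] = header.group(1)
        elif line.startswith("Dot1x Authenticator Client List"):
            in_clients = True  # later key/value pairs describe supplicants
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if not in_clients:
                info["port"][key] = value
            elif key == "Supplicant":  # each client entry starts here
                info["clients"].append({key: value})
            elif info["clients"]:
                info["clients"][-1][key] = value
    return info

def nac_findings(info):
    """Assumed operator checks; adjust to local policy."""
    port, out = info["port"], []
    if port.get("PortControl") != "AUTO":
        out.append("PortControl is not AUTO")
    if port.get("ReAuthentication") != "Enabled":
        out.append("reauthentication disabled")
    for c in info["clients"] or [{}]:
        if (c.get("Auth SM State"), c.get("Port Status")) != ("AUTHENTICATED", "AUTHORIZED"):
            out.append(f"{c.get('Supplicant', 'no supplicant')}: not authenticated/authorized")
    return out
```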
