Brocade Communications Systems Brocade ICX 6650 6650 User Manual

194

Brocade ICX 6650 Security Configuration Guide

53-1002601-01

Displaying 802.1X information

Example

Syntax: show dot1x mac-session

Table 37

lists the new fields in the display.

TABLE 37

Output from the show dot1x mac-session command

Field

Description

Port

The port on which the dot1x-mac-session exists.

MAC/ (username)

The MAC address of the Client and the username used for RADIUS authentication.

Vlan

The VLAN to which the port is currently assigned.

Auth-State

The authentication state of the dot1x-mac-session. This can be one of the following
permit – The Client has been successfully authenticated, and traffic from the Client is
being forwarded normally.
blocked – Authentication failed for the Client, and traffic from the Client is being
dropped in hardware.
restricted – Authentication failed for the Client, but traffic from the Client is allowed in
the restricted VLAN only.
init - The Client is in is in the process of 802.1X authentication, or has not started the
authentication process.

Age

The software age of the dot1x-mac-session.

PAE State

The current status of the Authenticator PAE state machine. This can
be INITIALIZE, DISCONNECTED, CONNECTING,
AUTHENTICATING, AUTHENTICATED, ABORTING, HELD,
FORCE_AUTH, or FORCE_UNAUTH.
NOTE: When the Authenticator PAE state machine is in the

AUTHENTICATING state, if the reAuthenticate, eapStart, eapLogoff,
or authTimeout parameters are set to TRUE, it may place the
Authenticator PAE state machine indefinitely in the ABORTING state.
If this should happen, use the dot1x initialize command to initialize
802.1X port security on the port, or unplug the Client or hub
connected to the port, then reconnect it.

Brocade# show dot1x mac-session

Port MAC/(username) Vlan Auth ACL Age PAE
State State
-----------------------------------------------------------------------------
1/1/1 0000.0098.24f7 :User 10 permit none S20 AUTHENTICATED