Brocade Communications Systems Brocade ICX 6650 6650 User Manual

Brocade ICX 6650 Security Configuration Guide

259

53-1002601-01

Displaying multi-device port authentication information

802.1X override Dynamic PVID

Indicates if 802.1X can dynamically assign a Port VLAN ID (PVID).

override return to PVID

If a port PVID is assigned through the multi-device port authentication feature,
and 802.1X authentication subsequently specifies a different PVID, then the
PVID specified through 802.1X authentication overrides the PVID specified
through multi-device port authentication. This line indicates the PVID the port
will use if 802.1X dynamically assigns PVID.

Original PVID

The originally configured (not dynamically assigned) PVID for the port.

DOS attack protection

Whether denial of service attack protection has been enabled for multi-device
port authentication, limiting the rate of authentication attempts sent to the
RADIUS server.

Accepted Mac Addresses

The number of MAC addresses that have been successfully authenticated.

Rejected Mac Addresses

The number of MAC addresses for which authentication has failed.

Authentication in progress

The number of MAC addresses for which authentication is pending.
This is the number of MAC addresses for which an Access-Request message has
been sent to the RADIUS server, and for which the RADIUS server has not yet
sent an Access-Accept message.

Authentication attempts

The total number of authentication attempts made for MAC addresses on an
interface, including pending authentication attempts.

RADIUS timeouts

The number of times the session between the Brocade device and the RADIUS
server timed out.

RADIUS timeout action

Action to be taken by the RADIUS server if it times out.

MAC address on the PVID

Number of MAC addresses on the PVID.

MAC address authorized on
PVID

Number of authorized MAC addresses on the PVID.

Aging of MAC-sessions

Whether software aging of MAC addresses is enabled.

Port move-back VLAN

Indicates the destination VLAN when a RADIUS assigned VLAN is removed. By
default, it would return the configured VLAN.

Max-Age of sw MAC-sessions

The configured software aging period for MAC addresses.

hw age for denied MAC

The hardware aging period for blocked MAC addresses. The MAC addresses are
dropped in hardware ones the aging period expires.

MAC Filter applied

Indicates whether a MAC address filter has been applied to this port to specify
pre-authenticated MAC addresses.

Dynamic ACL applied

Indicates whether a dynamic ACL was applied to this port.

num Dynamic Tagged Vlan

The number of dynamically tagged VLANs on this port.

Dynamic Tagged Vlan list

The list of dynamically tagged VLANs on this port. In this example, 1025 (1/1)
indicates that there was one MAC session and one learned MAC address for
VLAN 1025. Likewise, 4060 (1/0) indicates that there was one MAC session and
no learned MAC addresses for VLAN 4060.

MAC Address

The MAC addresses learned on the port. If the packet for which multi-device port
authentication was performed also contained an IP address, then the IP
address is displayed as well.

RADIUS Server

The IP address of the RADIUS server used for authenticating the MAC
addresses.

TABLE 63

Output from the show auth-mac-addresses detailed command (Continued)

Field

Description