Port-Based Network Access Control Commands / Authentication Show Commands
Parent topic: Authentication Show Commands

show authentication clients

Use this command to display Authentication Manager information for the clients authenticated on an interface.

Format show authentication clients {all | interface unit/slot/port }
Mode Privileged EXEC
Parameter Description
Interface The interface for which authentication configuration information is being displayed.
Mac Address The MAC address of the client.
User Name The user name associated with the client.
VLAN Assigned Reason This can take one of the following values
  • Default VLAN – The client has been authenticated on the port default VLAN and the authentication server is not RADIUS.
  • RADIUS – RADIUS is used for authenticating the client.
  • Voice VLAN – The client is identified as a Voice device.
  • Critical VLAN – The client has been authenticated on the Critical VLAN.
  • Unauthenticated VLAN – The client has been authenticated on the Unauthenticated VLAN.
  • Guest VLAN – The client has been authenticated on the Guest VLAN.
  • Monitor Mode – The client has been authenticated by Monitor mode.
Host Mode The authentication host mode configured on the interface. The possible values are multi-auth, multi-domain, multi-host, single-host and multi-domain-multi-host.
Method The method used to authenticate the client on the interface. The possible values are 802.1x. MAB, Captive Portal and None.
Control Mode The configured control mode for this port. Possible values are force-unauthorized, auto and unauthorized.
Session Time The amount of time the client session has been active.
Session Timeout This value indicates the time for which the given session is valid. The time period in seconds is returned by the RADIUS server on authentication of the port.
Session Termination Action This value indicates the action to be taken once the session timeout expires. Possible values are Default and Radius-Request. If the value is Default, the session is terminated and client details are cleared. If the value is Radius-Request, then a reauthentication of the client is performed.
Filter ID Identifies the Filter ID returned by the RADIUS server when the client was authenticated. This is a configured DiffServ policy name on the switch.
ACS ACL Name Identifies the downloadable ACL returned by the RADIUS server when the client was authenticated. The downloadable ACL is the same as that returned by using CiscoSecure-Defined-ACL-AVP.
DACL Identifies the Dynamic ACL returned by the RADIUS server when the client was authenticated.
Acct Session ID The Accounting Session Id associated with the client session.
LinkSec Policy The LinkSec policy for the client.

Example:

(switch) #show authentication clients interface 1/0/2

Mac Address.................................... 58:05:94:1C:00:00
User Name...................................... testixia
VLAN Assigned Reason........................... Voice VLAN (100)
Host Mode ..................................... multi-auth
Method......................................... 802.1X
Control Mode................................... auto
Session time ... .............................. 0
Session timeout ............................... 0
Session Termination Action..................... Default
Filter-Id ..................................... None
ACS ACL Name................................... xACSACLx-IP-FP_ACL-5ee227a2
DACL........................................... None
Session Termination Action..................... Default
Acct SessionId:................................ testixia:200000003
LinkSec Policy................................. Should Secure
Parent topic: Authentication Show Commands

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de

LANCOM Logo