This command is used to show a summary of the global dot1x configuration, summary information of the dot1x configuration for a specified port or all ports, the detailed dot1x configuration for a specified port and the dot1x statistics for a specified port - depending on the tokens used.
| Format | show dot1x [{supplicant summary {unit/slot/port | all} | detail unit/slot/port | statistics unit/slot/port] |
| Mode | Privileged EXEC |
If you do not use the optional parameters unit/slot/port, the command displays the global configuration.
| Term | Definition |
|---|---|
| Administrative Mode | Indicates whether 8021X is enabled or disabled. |
| EAPOL Flood Mode | Indicates whether the EAPOL flood support is enabled on the switch. |
| Software Version | The version of the dot1X implementation running on the switch. |
Example:
(switch) #show dot1x Administrative Mode............... Enabled EAPOL Flood Mode.................. Disabled Software Version.................. 1
If you use the optional parameter supplicant summary {unit/slot/port | all}, the dot1x supplicant authorization for the specified port or all ports are displayed.
Note:
MAC-based dot1x authentication support is platform-dependent.
| Term | Definition |
|---|---|
| Port | The interface whose configuration is displayed. |
| Port Status | Indicates whether the port is authorized or unauthorized. Possible values are authorized l unauthorized. |
Example: The following shows example CLI display output for the command show dot1x supplicant summary 1/0/1.
Operating Interface Port Status --------- ------------ 0/1 Authorized
If the port is configured as an Authenticator, the optional parameter detail unit/slot/port displays the detailed dot1x configuration for the specified port.
| Term | Definition |
|---|---|
| Port | The interface whose configuration is displayed. |
| Protocol Version | The protocol version associated with this port. The only possible value is 1,corresponding to the first version of the dot1x specification. |
| PAE Capabilities | The port access entity (PAE) functionality of this port. Possible values are Authenticator or Supplicant. |
| Quiet Period | The timer used by the authenticator state machine on this port to define periods of time in which it will not attempt to acquire a supplicant. The value is expressed in seconds and will be in the range 0 and 65535. This is the period for which the authenticator state machine stays in the HELD state. |
| Transmit Period | The timer used by the authenticator state machine on the specified port to determine when to send an EAPOL EAP Request/Identity frame to the supplicant. The value is expressed in seconds and will be in the range of 1 and 65535. |
| Supplicant Timeout | The timer used by the authenticator state machine on this port to timeout the supplicant. The value is expressed in seconds and will be in the range of 1 and 65535. |
| Server Timeout | The timer used by the authenticator on this port to timeout the authentication server. The value is expressed in seconds and will be in the range of 1 and 65535. |
| Maximum Request-Identities | The maximum number of times (attempts), the authenticator state machine on this port will retransmit an EAPOL EAP Request-Identity frames before timing out the supplicant. |
| Maximum Requests | The maximum number of times the authenticator state machine on this port will retransmit an EAPOL EAP Request/Identity before restarting the authentication process. |
| Key Transmission Enabled | Indicates if the key is transmitted to the supplicant for the specified port. Possible values are True or False. |
Example: The following shows example CLI display output for the command.
(switch) #show dot1x detail 1/0/3 Port........................................... 1/0/3 Protocol Version............................... 1 PAE Capabilities............................... Authenticator Quiet Period (secs)............................ 60 Transmit Period (secs)......................... 30 Supplicant Timeout (secs)...................... 30 Server Timeout (secs).......................... 30 Maximum Request-Identities..................... 2 Maximum Requests............................... 2 Key Transmission Enabled....................... False
If the port is configured as a Supplicant, the show dot1x detail unit/slot/port command will display the following dot1x parameters.
| Term | Definition |
|---|---|
| Port | The interface whose statistics are displayed. |
| Protocol Version | The protocol version associated with this port. The only possible value is 1,corresponding to the first version of the dot1x specification. |
| PAE Capabilities | The port access entity (PAE) functionality of this port. Possible values are Authenticator or Supplicant. |
| Control Mode | The configured control mode for this port. Possible values are force-unauthorized l auto l unauthorized. |
| Supplicant PACP State | Current state of the authenticator PACP state machine. Possible values are Initialize, Logoff, Held, Unauthenticated, Authenticating and Authenticated. |
| Maximum Start Messages | The maximum number of EAP Start messages that the supplicant will send before moving to Unauthenticated State. |
| Start period | The timer period between each EAP Start message the supplicant sends when it does not hear from the authenticator. |
| Held period | The time period the supplicant waits before it restarts authentication after an EAP failure. |
| Authentication period | The time period the supplicant waits before it declares EAP timeout after it sends an EAP message (except EAP Start). |
Example: The following shows example CLI display output for the command.
(switch) (Config)#show dot1x detail 1/0/24 Port........................................... 1/0/24 Protocol Version............................... 1 PAE Capabilities............................... Supplicant Control Mode................................... auto Supplicant PAE State........................... Authenticated Maximum Start Messages......................... 3 Start Period (secs)............................ 30 Held Period (secs)............................. 60 Authentication Period (secs)................... 30
If you use the optional parameter statistics unit/slot/port, the following dot1x statistics for the specified port appear.
| Term | Definition |
|---|---|
| Port | The interface whose statistics are displayed. |
| PAE Capabilities | The port access entity (PAE) functionality of this port. Possible values are Authenticator or Supplicant. |
| EAPOL Frames Received | The number of valid EAPOL frames of any type that have been received by this authenticator. |
| EAPOL Frames Transmitted | The number of EAPOL frames of any type that have been transmitted by this authenticator. |
| EAPOL Start Frames Received | The number of EAPOL start frames that have been received by this authenticator. |
| EAPOL Logoff Frames Received | The number of EAPOL logoff frames that have been received by this authenticator. |
| Last EAPOL Frame Version | The protocol version number carried in the most recently received EAPOL frame. |
| Last EAPOL Frame Source | The source MAC address carried in the most recently received EAPOL frame. |
| EAP Response/Id Frames Received | The number of EAP response/identity frames that have been received by this authenticator. |
| EAP Response Frames Received | The number of valid EAP response frames (other than resp/id frames) that have been received by this authenticator. |
| EAP Request/Id Frames Transmitted | The number of EAP request/identity frames that have been transmitted by this authenticator. |
| EAP Request Frames Transmitted | The number of EAP request frames (other than request/identity frames) that have been transmitted by this authenticator. |
| Invalid EAPOL Frames Received | The number of EAPOL frames that have been received by this authenticator in which the frame type is not recognized. |
| EAP Length Error Frames Received | The number of EAPOL frames that have been received by this authenticator in which the frame type is not recognized. |
Example: The following shows example CLI display output for the command.
(switch) #show dot1x statistics 0/1 Port........................................... 0/1 EAPOL Frames Received.......................... 0 EAPOL Frames Transmitted....................... 0 EAPOL Start Frames Transmitted................. 3 EAPOL Logoff Frames Received................... 0 EAP Resp/Id frames transmitted................. 0 EAP Response frames transmitted................ 0 EAP Req/Id frames transmitted.................. 0 EAP Req frames transmitted..................... 0 Invalid EAPOL frames received.................. 0 EAP length error frames received............... 0 Last EAPOL Frame Version....................... 0 Last EAPOL Frame Source........................ 00:00:00:00:02:01
