CLI Reference Guide-R02

ManualsBrandsEdgecore Networks ManualsEnterpriseL2+/Lite L3 10G Ethernet Aggregation Switch with 2 40G Uplinks

261

262

263

264

265

266

267

268

269

270

Table Of Contents

Chapter 8

| Authentication Commands

802.1X Port Authentication

– 268 –

◆ 802.1X Port Summary – Displays the port access control parameters for each

interface that has enabled 802.1X, including the following items:

■

Type – Administrative state for port access control (Enabled, Authenticator,

or Supplicant).

■

Operation Mode – Allows single or multiple hosts (page 259).

■

Control Mode – Dot1x port control mode (page 260).

■

Authorized – Authorization status (yes or n/a - not authorized).

◆ 802.1X Port Details – Displays the port access control parameters for each

interface, including the following items:

■

Reauthentication – Periodic re-authentication (page 260).

■

Reauth Period – Time after which a connected client must be re-

authenticated (page 261).

■

Quiet Period – Time a port waits after Max Request Count is exceeded

before attempting to acquire a new client (page 261).

■

TX Period – Time a port waits during authentication session before re-

transmitting EAP packet (page 262).

■

Supplicant Timeout – Supplicant timeout.

■

Server Timeout – Server timeout. A RADIUS server must be set before the

correct operational value of 10 seconds will be displayed in this field.

■

Reauth Max Retries – Maximum number of reauthentication attempts.

■

Max Request – Maximum number of times a port will retransmit an EAP

request/identity packet to the client before it times out the authentication

session (page 258).

■

Operation Mode– Shows if single or multiple hosts (clients) can connect to

an 802.1X-authorized port.

■

Port Control–Shows the dot1x mode on a port as auto, force-authorized, or

force-unauthorized (page 260).

■

Intrusion Action– Shows the port response to intrusion when

authentication fails (page 257).

■

Supplicant– MAC address of authorized client.

◆ Authenticator PAE State Machine

■

State – Current state (including initialize, disconnected,

connecting,

authenticating, authenticated, aborting,

held, force_authorized,

force_unauthorized).

■

Reauth Count– Number of times connecting state is re-entered.

■

Current Identifier– The integer (0-255) used by the Authenticator to identify

the current authentication session.

◆ Backend State Machine

■

State – Current state (including request, response, success, fail, timeout,

idle, initialize).

■

Request Count– Number of EAP Request packets sent to the Supplicant

without receiving a response.

■

Identifier (Server)– Identifier carried in the most recent EAP Success, Failure

or Request packet received from the Authentication Server.