Command Reference Guide

ManualsBrandsHP ManualsMoonshot SystemsHP Moonshot-45G Switch Module

341

342

343

344

345

346

347

348

349

350

Port-Based Network Access Control Commands

CLI Command Reference

September 2014 Page 343

HP Moonshot Switch Module CLI Command Reference

Example: The following shows example CLI display output for the command show dot1x

summary 1/0/1.

Operating

Interface Control Mode Control Mode Port Status

--------- ------------ ------------ ------------

1/0/1 auto auto Authorized

If you use the optional parameter detail unit/slot/port, the detailed dot1x configuration for the specified

port is displayed.

Term Definition

Port The interface whose configuration is displayed.

Protocol Version The protocol version associated with this port. The only possible value is 1, corresponding

to the first version of the dot1x specification.

PAE Capabilities The port access entity (PAE) functionality of this port. Possible values are Authenticator or

Supplicant.

Control Mode The configured control mode for this port. Possible values are force-unauthorized | force-

authorized | auto | mac-based.

Authenticator

PAE State

Current state of the authenticator PAE state machine. Possible values are Initialize,

Disconnected, Connecting, Authenticating, Authenticated, Aborting, Held,

ForceAuthorized, and ForceUnauthorized. When MAC-based authentication is enabled on

the port, this parameter is deprecated.

Backend

Authentication

State

Current state of the backend authentication state machine. Possible values are Request,

Response, Success, Fail, Timeout, Idle, and Initialize. When MAC-based authentication is

enabled on the port, this parameter is deprecated.

Quiet Period The timer used by the authenticator state machine on this port to define periods of time in

which it will not attempt to acquire a supplicant. The value is expressed in seconds and will

be in the range 0 and 65535.

Transmit Period The timer used by the authenticator state machine on the specified port to determine

when to send an EAPOL EAP Request/Identity frame to the supplicant. The value is

expressed in seconds and will be in the range of 1 and 65535.

Guest-VLAN ID The guest VLAN identifier configured on the interface.

Guest VLAN

Period

The time in seconds for which the authenticator waits before authorizing and placing the

port in the Guest VLAN, if no EAPOL packets are detected on that port.

Supplicant

Timeout

The timer used by the authenticator state machine on this port to timeout the supplicant.

The value is expressed in seconds and will be in the range of 1 and 65535.

Server Timeout The timer used by the authenticator on this port to timeout the authentication server. The

value is expressed in seconds and will be in the range of 1 and 65535.

Maximum

Requests

The maximum number of times the authenticator state machine on this port will

retransmit an EAPOL EAP Request/Identity before timing out the supplicant. The value will

be in the range of 1 and 10.

Configured MAB

Mode

The administrative mode of the MAC authentication bypass feature on the switch.

Operational MAB

Mode

The operational mode of the MAC authentication bypass feature on the switch. MAB might

be administratively enabled but not operational if the control mode is not MAC based.