Brocade Communications Systems Brocade ICX 6650 6650 Manual De Usuario
258
Brocade ICX 6650 Security Configuration Guide
53-1002601-01
Displaying multi-device port authentication information
The following table describes the information displayed by the show auth-mac-addresses detailed
command.
command.
TABLE 63
Output from the show auth-mac-addresses detailed command
Field
Description
Port
The port to which this information applies.
Dynamic-Vlan Assignment
Whether RADIUS dynamic VLAN assignment has been enabled for the port.
RADIUS failure action
What happens to traffic from a MAC address for which RADIUS authentication
has failed either block the traffic or assign the MAC address to a restricted
VLAN.
has failed either block the traffic or assign the MAC address to a restricted
VLAN.
Failure restrict use dot1x
Indicates if 802.1x traffic that failed multi-device port authentication, but
succeeded 802.1x authentication to gain access to the network.
succeeded 802.1x authentication to gain access to the network.
Override-restrict-vlan
Whether a port can be dynamically assigned to a VLAN specified by a RADIUS
server, if the port had been previously placed in the restricted VLAN because a
previous attempt at authenticating a MAC address on that port failed.
server, if the port had been previously placed in the restricted VLAN because a
previous attempt at authenticating a MAC address on that port failed.
Port Default Vlan
The VLAN to which the port is assigned, and whether the port had been
dynamically assigned to the VLAN by a RADIUS server.
dynamically assigned to the VLAN by a RADIUS server.
Port VLAN state
Indicates the state of the port VLAN. The State can be one of the following
“Default”, “RADIUS Assigned” or “Restricted”.
“Default”, “RADIUS Assigned” or “Restricted”.
Brocade# show auth-mac-addresses detailed ethernet 1/2/3
Port : 1/2/3
Dynamic-Vlan Assignment : Enabled
RADIUS failure action : Block Traffic
Failure restrict use dot1x : No
Override-restrict-vlan : Yes
Port Default VLAN : 101 ( RADIUS assigned: No) (101)
Port Vlan State : DEFAULT
802.1x override Dynamic PVID : YES
override return to PVID : 101
Original PVID : 101
DOS attack protection : Disabled
Accepted Mac Addresses : 1
Rejected Mac Addresses : 0
Authentication in progress : 0
Authentication attempts : 0
RADIUS timeouts : 0
RADIUS timeouts action : Success
MAC Address on PVID : 1
MAC Address authorized on PVID : 1
Aging of MAC-sessions : Enabled
Port move-back vlan : Port-configured-vlan
Max-Age of sw mac session : 120 seconds
hw age for denied mac : 70 seconds
MAC Filter applied : No
Dynamic ACL applied : No
num Dynamic Tagged Vlan : 2
Dynamic Tagged Vlan list : 1025 (1/1) 4060 (1/0)
Port : 1/2/3
Dynamic-Vlan Assignment : Enabled
RADIUS failure action : Block Traffic
Failure restrict use dot1x : No
Override-restrict-vlan : Yes
Port Default VLAN : 101 ( RADIUS assigned: No) (101)
Port Vlan State : DEFAULT
802.1x override Dynamic PVID : YES
override return to PVID : 101
Original PVID : 101
DOS attack protection : Disabled
Accepted Mac Addresses : 1
Rejected Mac Addresses : 0
Authentication in progress : 0
Authentication attempts : 0
RADIUS timeouts : 0
RADIUS timeouts action : Success
MAC Address on PVID : 1
MAC Address authorized on PVID : 1
Aging of MAC-sessions : Enabled
Port move-back vlan : Port-configured-vlan
Max-Age of sw mac session : 120 seconds
hw age for denied mac : 70 seconds
MAC Filter applied : No
Dynamic ACL applied : No
num Dynamic Tagged Vlan : 2
Dynamic Tagged Vlan list : 1025 (1/1) 4060 (1/0)
------------------------------------------------------------------------------
MAC Address RADIUS Server Authenticated Time Age Dot1x
------------------------------------------------------------------------------
0000.000074.3181 64.12.12.5 Yes 00d01h03m17s Ena Ena
MAC Address RADIUS Server Authenticated Time Age Dot1x
------------------------------------------------------------------------------
0000.000074.3181 64.12.12.5 Yes 00d01h03m17s Ena Ena