Displays details of 802.1X or MAC authentication sessions.

show authentication sessions { all | ethernet { unit / slot / port } | unit unit_number }
show authentication sessions { brief }
show authentication sessions { detail { ethernet { unit / slot / port } | unit unit_number } }
all
Displays information on all authentication sessions for the stack or standalone unit.
ethernet { unit / slot / port }
Displays authentication sessions for the specified interface or range of interfaces.
unit unit_number
Displays authentication sessions for the specified stack unit.
brief
Displays abbreviated information on authentication sessions.
detail
Displays detailed information on authentication sessions.

Privileged EXEC or any configuration mode

The following example displays information on all authentication sessions for the stack.


device# show authentication sessions all
-------------------------------------------------------------------------------------------------------------
Port    MAC             IP(v4/v6)           User   VLAN Auth    Auth   ACL   Session  Age  PAE
        Addr            Addr                Name        Method  State        Time          State
-------------------------------------------------------------------------------------------------------------
2/1/25  00aa.aaaa.0000  198.1.1.2           MVDI_1 130  MAUTH   permit Yes   210     Ena   N/A
2/1/25  00aa.aaaa.0001  fe80::2aa:aaff:feaa DVDI_1 130  8021.X  permit Yes   210     Ena   AUTHENTICATED
                        3000::2
                        3000::2
1/1/15 00bb.bbbb.0001   N/A                 DVDI_2 230  8021.X  permit None  500    Ena    AUTHENTICATED
1/1/10 0010.9400.1101   N/A                 MVDI_2 330  MAUTH   permit None  410    Ena    N/A

The following example displays information on authentication sessions for a specific interface.


device(config)# show authentication sessions ethernet 2/1/25
-------------------------------------------------------------------------------------------------------------
Port    MAC             IP(v4/v6)           User   VLAN Auth    Auth   ACL   Session  Age  PAE
        Addr            Addr                Name        Method  State        Time          State
-------------------------------------------------------------------------------------------------------------
2/1/25  00aa.aaaa.0000  198.1.1.2           MVDI_1 130  MAUTH   permit Yes   210     Ena   N/A
2/1/25  00aa.aaaa.0001  fe80::2aa:aaff:feaa DVDI_1 130  8021.X  permit Yes   210     Ena   AUTHENTICATED

The following example displays session information for stack unit 1.


device(config)# show authentication sessions unit 1
-------------------------------------------------------------------------------------------------------------
Port    MAC             IP(v4/v6)           User   VLAN Auth    Auth   ACL   Session  Age  PAE
        Addr            Addr                Name        Method  State        Time          State
-------------------------------------------------------------------------------------------------------------
1/1/15  00bb.bbbb.0001  N/A                 DVDI_2 230  8021.X  permit None  500     Ena   AUTHENTICATED
1/1/10  0010.9400.1101  N/A                 MVDI_2 330  MAUTH   permit None  410     Ena   N/A

The following example displays a brief description of authentication sessions.


device# show authentication sessions brief
-----------------------------------------------------------------------------------------------
Port   Number of         Number of          Number of      Untagged            Dynamic
       Attempted Users   Authorized Users   Denied Users   VLAN Type           Port ACL
       MAC DOT1X         MAC DOT1X          MAC DOT1X
-----------------------------------------------------------------------------------------------
1/1/7  0   1             0   1              0   0          RADIUS-VLAN         No
1/1/8  1   0             1   0              0   0          Auth-Default-VLAN   No
1/1/9  0   0             0   0              0   0          Multiple No
1/1/10 0   0             0   0              0   0          Auth-Default-VLAN   No

The following example displays a detailed description of authentication sessions on port 17/1/1.


device# show authentication sessions detail ethernet 17/1/1
Auth Session Info (Port 17/1/1, MAC a036.9f6e.1fd2) :
State                : Permitted
Auth Method          : 802.1X              Auth Mode              : Single Untagged
VLAN Type            : Radius-VLAN         VLAN                   : 200
Voice VLAN           : 0                   PVID                   : 0
Tagged VLANs         :
User Name            : joe.user@arris.com
Session Time         : 1381               Reauth Time             : 2220
Idle Timeout         : 120                Session Timeout         : 0
Acct session ID      : 2                  PCE Index               : 65535
PAE State            : AUTHENTICATED      Age                     : Disabled
Qos Priority         : 0                  Failure Reason          :
Auth Filter Applied  : No                 Tagged                  : No
VLAN Add Req State   : Complete           VLAN Del Req State      : Init
Filter Add Req State : Complete           Filter Del Req State    : Init
Stale                : No                 Delete Pending          : No
802.1X Enabled       : No                 Session Control         : Self
V4 ACL Applied       : No                 V6 ACL Applied          : No
V4 IN ACL (Session)  : acl1               V4 OUT ACL (Session)    : -
V6 IN ACL (Session)  : -                  V6 OUT ACL (Session)    : -
Client Voice Phone   : No                 Client Wireless AP      : No
802.1X Capable       : Yes
IP Addresses         : 10.176.167.145
V4-IN ACL (Dynamic)  : 3928               V4-OUT ACL (Dynamic)    : 0
V6-IN ACL (Dynamic)  : 0                  V6-OUT ACL (Dynamic)    : 0
V4-IN ACL RefCnt     : 1                  V4-OUT ACL RefCnt       : 0
V6-IN ACL RefCnt     : 0                  V6-OUT ACL RefCnt       : 0
V4 ACL Trap Rule     : Yes                V6 ACL Trap Rule        : No
Addr Change Count    : 0                  MBV Usage Count         : 1
Radius VLAN RefCnt   : 1
Auth Order           : dot1x, mac-auth    Auth Fail Action        : Restricted VLAN (3)
Auth Timeout Action  : Failure            Aging : Enabled
SG Protection        : Disabled           DOS Protection          : Disabled (limit = 512)
Reauthentication     : Enabled            Reauth Period           : 3600
Reauth Timeout       : 300                Max Ssessions           : 2
Port Control         : Auto               Quiet Period            : 60
Supplicant Time      : 30                 Tx Period               : 3
Max Reauth Requests  : 2 Max              Frame Retries           : 2
Release version Command history
08.0.80 This command was introduced.