PNAC Commands

PNAC (Port Based Network Access Control) CLI commands are categorized as follows:

• Configuration Command
• Display Command

Configuration Command

This section include the PNAC configuration command.

shutdown dot1x

Command Objective:
This command shuts down the dot1x feature. By shutting down the dot1x feature, the supplicant-authenticator-authentication server architecture is dissolved. The data transport and authentication are directly governed by the authentication server. When shut down, all resources acquired by dot1x module are released to the system.

The no form of the command starts and enables dot1x.

Syntax:
shutdown dot1x

no shutdown dot1x

Mode:
Global Configuration Mode

Example:

Your Product(config)# shutdown dot1x

Display Command

This section include the PNAC display command.

show dot1x

Command Objective:
This command displays dot1x information. The configured information can be viewed by running this show command. When there is any change in the configuration to ensure that the port is configured as desired, the show command is used.

Syntax:
show dot1x [{ interface | statistics interface | supplicant-statistics interface |local-database | mac-info [address <aa.aa.aa.aa.aa.aa>] | mac-statistics [address <aa.aa.aa.aa.aa.aa>] | all }]

Parameter Description:

• interface < interface-type > < interface-id > - Displays dot1x parameters for the switch or the specified interface.

• < interface type > – Displays the dot1x information for the specified type of interface. The interface can be:
• fastethernet – Officially referred to as 100BASE-T standard. This is a version of LAN standard architecture that supports data transfer up to 100 Megabits per second.
• gigabitethernet – A version of LAN standard architecture that supports data transfer up to 1 Gigabit per second.
• extreme-ethernet – A version of Ethernet that supports data transfer up to 10 Gigabits per second. This Ethernet supports only full duplex links.
• i-lan – Internal LAN created on a bridge per IEEE 802.1ap.

• < interface id > - Displays the dot1x information for the specified interface identifier. This is a unique value that represents the specific interface. This value is a combination of slot number and port number separated by a slash, for interface type other than i-lan. For Example: 0/1 represents that the slot number is 0 and port number is 1. Only i-lan ID is provided, for interface type i-lan. For Example: 1 represents i-lan ID.
• statistics interface < interface-type > < interface-id > - Displays dot1x authenticator port statistics parameters for the switch or the specified interface.

• < interface type > – Displays the dot1x information for the specified type of interface. The interface can be:
• fastethernet – Officially referred to as 100BASE-T standard. This is a version of LAN standard architecture that supports data transfer up to 100 Megabits per second.
• gigabitethernet – A version of LAN standard architecture that supports data transfer up to 1 Gigabit per second.
• extreme-ethernet – A version of Ethernet that supports data transfer up to 10 Gigabits per second. This Ethernet supports only full duplex links.
• i-lan – Internal LAN created on a bridge per IEEE 802.1ap.

• < interface id > - Displays the specified interface identifier. This is a unique value that represents the specific interface. This value is a combination of slot number and port number separated by a slash, for interface type other than i-lan For Example: 0/1 represents that the slot number is 0 and port number is 1. Only i-lan ID is provided, for interface type i-lan. For Example: 1 represents i-lan ID.

• supplicant-statistics interface< interface-type > < interface-id > - Displays dot1x supplicant statistics parameters for the switch or the specified interface.

• < interface type > – Displays the dot1x information for the specified type of interface. The interface can be:
• fastethernet – Officially referred to as 100BASE-T standard. This is a version of LAN standard architecture that supports data transfer up to 100 Megabits per second.
• gigabitethernet – A version of LAN standard architecture that supports data transfer up to 1 Gigabit per second.
• extreme-ethernet – A version of Ethernet that supports data transfer up to 10 Gigabits per second. This Ethernet supports only full duplex links.
• i-lan – Internal LAN created on a bridge per IEEE 802.1ap.

• < interface id > - Displays the specified interface identifier. This is a unique value that represents the specific interface. This value is a combination of slot number and port number separated by a slash, for interface type other than i-lan For Example: 0/1 represents that the slot number is 0 and port number is 1.Only i-lan ID is provided, for interface type i-lan. For Example: 1 represents i-lan ID.
• local-database - Displays dot1x authentication server database with user name and password.
• mac-info [address < aa.aa.aa.aa.aa.aa >] - Displays dot1x dot1x information for all MAC session or the specified MAC address.

  ---

  Note: This parameter is not supported in BCM target.

  ---

• mac-statistics [address < aa.aa.aa.aa.aa.aa >] - Displays dot1x MAC statistic for all MAC session or the specified MAC address.
• all - Displays dot1x status for all interfaces.

Mode:
Privileged EXEC Mode

If address is not specified for mac-info and mac-statistics, then this command displays the MAC sessions and MAC statistics of all the supplicant MAC addresses.

Example:

Your Product# show dot1x

Sysauthcontrol                      = Enabled
Module Oper Status                  = Enabled
Dot1x Protocol Version              = 2
Dot1x Authentication Method         = Local
Nas ID 

Your Product# show dot1x local-database

Pnac Authentication Users Database
-----------------------------------
User name      : brg2
Protocol       : 4
Timeout        : 0 seconds
Ports          : Gi0/1, Gi0/2, Gi0/3, Gi0/4, Gi0/5, Gi0/6, Gi0/7, Gi0/8, Gi0/9,
Gi0/10, Gi0/11, Gi0/12, Gi0/13, Gi0/14, Gi0/15, Gi0/16, Gi0/17, Gi0/18, Gi0/19,
Gi0/20, Gi0/21, Gi0/22, Gi0/23, Gi0/24