Port > Configure > PAE > Port Authenticator
The Port Access Entity (PAE) that performs authentication before allowing access to services available through that port is referred to as the authenticator PAE. In the authenticator role, the PAE is responsible for communicating with the supplicant and forwarding the information received from the supplicant to a suitable authentication server, in order to verify the credentials and determine the appropriate authorization state. Keep in mind that the functionality of the authenticator PAE is independent of the actual authentication method. It merely acts as an intermediary for the authentication exchange.
The Port Authenticator Configuration dialog box displays the following data:
Backend Authentication (dot1xAuthBackendAuthState)
Admin Control Directions (dot1xAuthAdminControlledDirections)
Operation Control Directions (dot1xAuthOperControlledDirections)
Port Status (dot1xAuthAuthControlledPortStatus)
Port Control (dot1xAuthAuthControlledPortControl)
Authentication (dot1xAuthReAuthEnabled)
Authentication Key (dot1xAuthKeyTxEnabled)
Auth-Bypass (cpaeMacAuthBypassPortEnabled)
Auth-Bypass Initialization (cpaeMacAuthBypassPortInitialize)
Reauthentication (cpaeMacAuthBypassPortReAuth)
Mac Address (cpaeMacAuthBypassPortMacAddress)
State (cpaeMacAuthBypassPortAuthState)
Web Authentication (cpaeWebAuthPortEnabled)
Web Auth Initialization (cpaeWebAuthPortInitialize)
Term Action (cpaeMacAuthBypassPortTermAction)
Current value of the Authenticator PAE state machine.
Current state of the Backend Authentication state machine.
Current value of the administratively controlled directions parameter for this port.
Current value of the operationally controlled directions parameter for this port.
Current value of the controlled port status parameter for this port.
Current value of the controlled port control parameter for this port.
Note: This object cannot be modified on a channeling port.
Enable/disable control used by the Reauthentication Timer state machine.
Value of the Key Transmission–enabled constant currently in use by the Authenticator PAE state machine.
Indicates whether MAC Auth-Bypass is enabled on this port.
Initialization control setting for this port.
When this object is set to true, the MAC Auth-bypass state machine is initialized on this port.
When this object is set to false, nothing happens.
Note: This object always returns the value false when read.
Reauthentication control setting for this port.
When this object is set to true, the MAC address of the device connecting to this port is reauthenticated.
When this object is set to false, nothing happens.
Note: This object always returns the value false when read.
MAC address of the device connecting to this port.
Current state of the MAC Auth-Bypass state machine.
There are seven possible values:
other(1): Indicates an unknown state.
waiting(2): The state machine is waiting to receive the MAC address that needs to be authenticated.
authenticating(3): In authentication process.
authenticated(4): MAC address of the device connecting to this port has been authenticated.
fail(5): MAC Auth-bypass authentication failed.
If there are no other authentication features available in the system, this port waits for a period of time before moving to the waiting state.
finished(6): MAC Auth-bypass authentication failed.
This port has been authenticated by another authentication feature.
aaaFail(7): The AAA server is not reachable after either the authentication request is sent or after the reauthentication timeout expires (with Inaccessible Authentication Bypass (IAB) enabled on the port).
Specifies whether web proxy authentication is enabled on this port.
Initialization control setting for this port.
When this object is set to true, the web proxy authentication state machine is initialized for all hosts connecting to this port.
When this object is set to false, nothing happens.
Note: This object always returns the value false when read.
The termination action received from a RADIUS server that will be applied on the port when the current session timeout expires. There are three possible values:
other: none of the following
init: the current session will be terminated and a new authentication process will be initiated
reauth: reauthentication will be applied without terminating the current session
Indicates the amount of time remaining in the current MAC Auth-Bypass session on this port.
The policy name to be applied on the port when the value of the corresponding cpaeWebAuthHostState is aaaFail. The specified policy name must either be an existing entry in cpgPolicyTable (defined in CISCO-POLICY-GROUP-MIB) or an empty string, which indicates that there will be no policy name applied on the port when the value of the corresponding cpaeWebAuthHostState is aaaFail.