Port > Configure > PAE > Auth Config
The following information appears:
Source Admin (cpaeAuthReAuthPeriodSrcAdmin)
Source Oper (cpaeAuthReAuthPeriodSrcOper)
Period Oper (cpaeAuthReAuthPeriodOper)
Next ReAuth (cpaeAuthTimeToNextReAuth)
ReAuth Action (cpaeAuthReAuthAction)
The source of the reAuthPeriod constant to be used by the reauthentication timer state machine.
The source of the reAuthPeriod constant currently in use by the reauthentication timer state machine.
The operational reauthentication period for this port.
The amount of time remaining in this port's current session.
The reauthentication action to be taken for this port. There are three possible values:
terminate: The session is terminated as the corresponding authenticator PAE state machine disconnects.
reAuth: The port is reauthenticated.
noReAuth: The port is not reauthenticated.
Specifies whether the PAE port is declared as an Inaccessible Authentication Bypass (IAB) port. IAB ports are granted network access via the administratively configured VLAN if it fails to connect to the authentication server. The only way to bring an IAB port back to the backend authentication state machine is by setting the value of dot1xPaePortInitialize in the corresponding dot1xPaePortTable entry to true.
802.1x reauthentication is temporarily disabled on an authenticated IAB port when the connection to the authentication server is broken, and re-enabled when the connection is back up.
Indicates the current value of the authenticator PAE state machine. There are seventeen possible values:
other: None of the following states.
initialize: The PAE state machine is being initialized.
disconnected: An explicit logoff request was received from the supplicant, or the number of permissible reauthentication attempts has been exceeded.
connecting: Attempting to establish communication with a supplicant.
authenticating: A supplicant is being authenticated.
authenticated: The authenticator has successfully authenticated the supplicant.
aborting: The authentication process was prematurely aborted due to the receipt of a reauthentication request, an EAPOL-Start frame, an EAPOL-Logoff frame, or an authTimeout.
held: The state machine ignores and discards all EAPOL packets, so as to discourage brute force attacks. This state is entered from the Authenticating state following an authentication failure. At the expiration of the quietWhile timer, the state machine transitions to the connecting state.
forceAuth: The port is set to authorized and a canned EAP success packet is sent to the supplicant.
forceUnauth: The port is set to unauthorized and a canned EAP failure packet is sent to the supplicant. If EAP-Start messages are received from the supplicant, this state is re-entered and further EAP failure messages are sent.
guestVlan: The port has been moved to a configured guest VLAN.
authFailVlan: The port has been moved to a configured authentication failed VLAN.
criticalAuth: The port is set to authorized even though the RADIUS server is not reachable or does not respond.
ipAwaiting: The port is waiting for an IP address from a DHCP server.
policyConfig: This state is entered from the ipAwaiting state if an IP address is received while the corresponding policies are being installed.
authFinished: The port is set to authorized by the MAC authentication bypass feature.
restart: The PAE state machine has been restarted.