The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
802.1x Extensible Authentication Protocol (EAP) also known as EAP over LANs (EAPOL) provides the framework for a device to authenticate when it connects to the network. When Port-Based Authentication is enabled, only EAPOL traffic is allowed on that port, everything else is dropped until the client is authenticated.
A client that connects to the network sends an EAPOL Start frame to initiate authentication, and the switch responds with an EAP Request/ID frame to request credentials. The client then sends an EAP Response/ID frame which contains credentials to the switch. The switch passes those credentials to the authentication server which then sends an EAP Request frame to the client to request a specific EAP Method for authentication. The client responds with an EAP Response frame. EAP Request frames and EAP Response frames are passed back and forth until the authentication server sends a EAP-Success message to the switch. At this point, the client is authenticated and normal traffic is allowed. When the client logs off, an EAPOL Logoff frame is sent to the switch and the port becomes unauthenticated.
You can view the statistics of 802.1x EAP on a given port on the 200/300 Series Managed Switches to check the current authentication activity. This article explains in detail the statistical information given about the 802.1x EAP activity for a given port on the 200/300 Series Managed Switches.
• SF/SG 200 and SF/SG 300 Series Managed Switches
Step 1. Log in to the web configuration utility and choose Status and Statistics > 802.1x EAP. The 802.1x EAP page opens:
Step 2. Choose the port that you would like to view the 802.1x EAP statistics on from the Port drop-down list in the Interface field.
Step 3. Click one of the available radio buttons to refresh the 802.1x EAP statistic information in the Refresh Rate field. The available options are:
• No Refresh — Choose this option to not refresh the 802.1x EAP page.
• 15 sec — Choose this option to refresh the 802.1x EAP page every 15 seconds.
• 30 sec — Choose this option to refresh the 802.1x EAP page every 30 seconds.
• 60 sec — Choose this option to refresh the 802.1x EAP page every 60 seconds.
The 802.1x EAP page displays the following 802.1X EAP traffic information on the chosen port:
• EAPOL Frames Received — Number of EAPOL frames received.
• EAPOL Frames Transmitted — Number of EAPOL frames sent.
• EAPOL Start Frames Received — Number of EAPOL Start frames received. EAPOL Start frames are sent by the client who attempts to initiate authentication.
• EAPOL Logoff Frames Received — Number of EAPOL Logoff frames received. EAPOL Logoff frames are sent by the client when it logs off, in order to revert the port state of the switch back to unauthenticated.
• EAP Response/ID Frames Received — Number of EAP Response/ID frames received. EAP Response/ID frames are sent by the client and these frames contain credentials in response to an EAP Request/ID frame sent by the switch.
• EAP Response Frames Received — Number of EAP Response frames received. EAP Response frames are sent by the client in response to EAP Request frames sent by the authentication server until the port becomes authenticated.
• EAP Request/ID Frames Transmitted — Number of EAP Request/ID frames sent. EAP Request/ID frames are periodically sent by the switch, or in response to an EAPOL Start frame, to an unauthenticated client to request credentials.
• EAP Request Frames Transmitted — Number of EAP Request frames sent. EAP Request frames are sent by the authentication server to the client in order to request information for authentication.
• Invalid EAPOL Frames Received — Number of unrecognized EAPOL frames received.
• EAP Length Error Frames Received — Number of EAPOL frames with an incorrect packet body length in the header received.
• Last EAPOL Frame Version — The protocol version of the most recent EAPOL frame received.
• Last EAPOL Frame Source — The source MAC address of the most recent EAPOL frame received.
Step 4. (Optional) To clear the EAPOL traffic statistics for the chose port, click Clear Interface Counters.
Step 5. (Optional) To clear the EAPOL traffic statistics for every port on the switch, click Clear All Interfaces Counters.