Port Usage Tab
(Device)

The device Port Usage tab displays information related to end user login (authentication) sessions and role-based rate limit usage on a device. To display this tab, select a device in the left-panel Network Elements tab, then click the Port Usage tab in the right panel. You must click Retrieve to display the port information in the tables.

The Port Usage tab provides two sub-tabs to allow you to view the desired information:

End User Sessions Tab
Role-Based Rate Limits Tab

End User Sessions Tab

This tab displays information about each login session for the ports on the device, including the current values being collected for a session still in progress, or the final values for the last valid session when there is no session currently active. You must click Retrieve to display the port information in the table.

By default the Show Only Active Sessions checkbox is checked, and only your active sessions (listed in blue text) are displayed. Deselect the checkbox to display all entries. Sessions listed in green text are active sessions that are not applied. For example, if a user authenticates on a port that has multi-user authentication enabled (802.1X, Web-Based, and MAC,) the active session will be displayed in blue text and the other two sessions will be in green text. Another example would be if the user authenticates using the MAC authentication type but MAC rules are disabled on the port, the session would be listed in green text.

Session entries are collected up to the maximum allowed. When the maximum is reached, the oldest session entries are replaced with newer ones. The exception to this is the RoamAbout R2, where older session data is not kept.

For devices that support one authenticated user per port, only one user/current role per port will show up in the table. For devices that support multiple authenticated users per port (such as the RoamAbout R2 and the Matrix N-Series Platinum devices), all users authenticated on its ports will be listed in the table, along with the roles under which they are authenticated.

Click the graphic for more information.

Device: The IP address or name of the device.

Interface Name: A description of the port.

Index: The index value assigned to the port interface.

Current Role: The role under which the user authenticated on the port. If a session displays "Invalid Role" in this column, check the Invalid Role Action setting on the device Role/Rule tab to see the action that was configured in the event a user is assigned an unknown or invalid role. If the user authenticated via RFC 3580 VLAN Authorization, this column will display the role the VLAN is mapped to (configured through Authentication-based VLAN to Role Mapping). If VLAN to Role mapping has not been configured, the port's Default role will be displayed (if there is one); otherwise, the column will display "N/A."

VLAN ID: If the user authenticated via RFC 3580 VLAN Authorization, this is the VLAN ID that was returned from the RADIUS server. A VLAN ID value of 0 indicates that no VLAN was assigned. If VLAN authentication is not supported on the device, this column will display "N/A."

VLAN Oper Egress

The modification that will be made to the VLAN egress list for the VLAN ID returned by the RADIUS server, if the user authenticated via RFC 3580 VLAN Authorization.

None - No modification to the VLAN egress list will be made.
Tagged - The port will be added to the list with the egress state set to Tagged (frames will be forwarded as tagged.)
Untagged - The port will be added to the list with the egress state set to Untagged (frames will be forwarded as untagged.).

If VLAN authentication is not supported on the device, this column will display "N/A." Use the port Authentication Configuration tab to change these settings, if desired.

Type

The authentication type of this login session: Web-Based, 802.1X, MAC, or Role Override (Matrix N-Series Platinum devices only). If Role Override is displayed, it signifies that a rule has been applied to the port, overriding the user's current role with a different role. An example of this would be if the Automated Security Manager has detected a threat on the port, and used a MAC address rule to apply the Quarantine role to the end user.

Role Override (MAC) signifies that a MAC address rule has been applied to the port, overriding the Default role or any authenticated role assigned to the end user.
Role Override (IP) signifies that an IP address rule has been applied to the port, overriding the Default role or any authenticated role assigned to an end user authenticated with Single User 802.1X. An IP Address rule will not override the authenticated role for any authentication type other than Single User 802.1X.

IP Address: The IP address of the remote user of this login session.

MAC Address: The MAC address of the remote user of this login session.

Authentication Status

On Matrix N-Series Platinum devices, the authentication status of the login session. All other devices will display "N/A." Possible values are:

Authentication Successful
Authentication Failed
Authentication in Progress
Authentication Server Timeout
Authentication Terminated

Terminate Cause

The reason the login session terminated. For web-based authentication, the possible values are:

Administratively Terminated
Authorization Revoked
Link Down
Not Applicable
Port Disabled
Unknown Termination Cause
User Logged Out

For 802.1X authentication, the possible values are:

Authorization Revoked
Client Restarted
Link Down (or Lost Carrier)
Not Applicable
Port Disabled
Port Reinitialized
Reauthentication Failed
Unknown Termination Cause
User Logged Out

Session ID: A unique identifier for the session. For devices that support multiple authenticated users per port, each user on the port will have a different session ID. Sessions with an authentication type of MAC or Role Override will display "N/A."

User Name: The user name provided by the end user at login (authentication).

Received Bytes: The number of bytes received in user data frames on this port during this session. Matrix N-Series devices must be created using SNMPv3 in order to see this value. N-Series devices using SNMPv1 will display "N/A."

Transmitted Bytes: The number of bytes transmitted in user data frames on this port during this session. Matrix N-Series devices must be created using SNMPv3 in order to see this value. N-Series devices using SNMPv1 will display "N/A."

Received Frames: The number of user data frames received on this port during this session.

Transmitted Frames: The number of user data frames transmitted on this port during this session.

Start Time: The time and date when the login session started.

Duration: The duration of the user's login session, in the format D + HH:MM:SS.

Retrieve Button: Gets the device's port information and displays it in the table.

Terminate Button: Select an active session and click Terminate to end the session. If multiple sessions are selected, only active sessions will be terminated. You cannot terminate sessions on frozen ports and you cannot terminate Role Override (IP) or Role Override (MAC) sessions that were created through the CLI (command line interface). See Terminating a Session for more information.

Lock MAC Address Button: Enables MAC Locking on the selected port(s) (static MAC locking). MAC locking must be enabled on the device in order for it to be enabled on a port.

Show Only Active Sessions Checkbox: Select this checkbox to display only active sessions (listed in blue text) in the table.

Role-Based Rate Limits Tab

This tab displays information about the role-based rate limit counts and violations for the ports on the device, including the current data being collected for sessions in progress and data from previous sessions. You must click Retrieve to display the port information in the tables.

Role-based rate limit functionality is available only on certain devices such as the Matrix N-Series Gold and Platinum devices (refer to the Firmware Feature Support tables in the release notes for specific device/firmware rate limit support.) For more information, see Defining Role Based Rate Limits.

Click the graphic for more information.

Violations Table
This table lists rate limit violation information for the ports on the device.

Name: The port interface name.

Index: The port index number.

Rate Limit: The rate limit that has been violated (exceeded).

Generated System Log: Indicates whether a syslog message was generated when the rate limit was first exceeded. You can specify this action on a per-rate limit basis in the rate limit General tab.

Generated Trap: Indicates whether an audit trap was generated when the rate limit was first exceeded. You can specify this action on a per-rate limit basis in the rate limit General tab.

Port Disabled: Indicates whether the port was disabled when the rate limit was first exceeded. You can specify this action on a per-rate limit basis in the rate limit General tab.

Retrieve: Retrieves the most recent rate limit violations information for the ports on the device.

Clear: Clears the violations table. If port traffic continues to exceed the rate limit, the violations will reappear in the table.

Counters Table
This table lists rate limit count information for the ports on the device.

Name: The port interface name.

Index: The port index number.

Rate Limit: The rate limit in effect on the port.

Count: The total number of the defined rate limit units (packets or bytes) received on the port.

Retrieve: Retrieves the most recent port count information for the device.

Clear: Clears the port counters table.

Related Information

For information on related concepts:

For information on related tasks:

For information on related windows:

Port Usage Tab (Device)

End User Sessions Tab

Role-Based Rate Limits Tab

Related Information

Port Usage Tab
(Device)