Port Usage Tab
(Device)

The device Port Usage tab displays information related to end user login (authentication) sessions and role-based rate limit usage on a device. To display this tab, select a device in the left-panel Network Elements tab, then click the Port Usage tab in the right panel. You must click Retrieve to display the port information in the tables.

The Port Usage tab provides two sub-tabs to allow you to view the desired information:

• End User Sessions Tab
• Role-Based Rate Limits Tab

End User Sessions Tab

Session entries are collected up to the maximum allowed. When the maximum is reached, the oldest session entries are replaced with newer ones. The exception to this is the RoamAbout R2, where older session data is not kept.

For devices that support one authenticated user per port, only one user/current role per port will show up in the table. For devices that support multiple authenticated users per port (such as the RoamAbout R2 and the Matrix N-Series Platinum devices), all users authenticated on its ports will be listed in the table, along with the roles under which they are authenticated.

Device

The IP address or name of the device.

Interface Name

A description of the port.

Index

The index value assigned to the port interface.

Current Role

The role under which the user is currently authenticated on the port.

VLAN ID

The VLAN ID that was returned from the RADIUS server when the user authenticated. If the device does not support policy then the packets will be tagged with this VLAN ID. If the device does support policy and supports Authentication-Based VLAN to Role Mapping, then the packets will be classified according to the role that the VLAN ID maps to. A VLAN ID value of 0 indicates that no VLAN was assigned. If Authentication-Based VLAN to Role Mapping is not supported on the device, this column will display "N/A."

Type

The authentication type of this login session: Web-Based, 802.1X, MAC, or Role Override (Matrix N-Series Platinum devices only). If Role Override is displayed, it signifies that a rule has been applied to the port, overriding the user's current role with a different role. An example of this would be if the Automated Security Manager has detected a threat on the port, and used a MAC address rule to apply the Quarantine role to the end user.

• Role Override (MAC) signifies that a MAC address rule has been applied to the port, overriding the Default role or any authenticated role assigned to the end user.
• Role Override (IP) signifies that an IP address rule has been applied to the port, overriding the Default role or any authenticated role assigned to an end user authenticated with Single User 802.1X. An IP Address rule will not override the authenticated role for any authentication type other than Single User 802.1X.

IP Address

The IP address of the remote user of this login session.

MAC Address

The MAC address of the remote user of this login session.

Authentication Status

On Matrix N-Series Platinum devices, the authentication status of the login session. All other devices will display "N/A." Possible values are:

• Authentication Successful
• Authentication Failed
• Authentication in Progress
• Authentication Server Timeout
• Authentication Terminated

Terminate Cause

The reason the login session terminated. For web-based authentication, the possible values are:

• Administratively Terminated
• Authorization Revoked
• Link Down
• Not Applicable
• Port Disabled
• Unknown Termination Cause
• User Logged Out

For 802.1X authentication, the possible values are:

• Authorization Revoked
• Client Restarted
• Link Down (or Lost Carrier)
• Not Applicable
• Port Disabled
• Port Reinitialized
• Reauthentication Failed
• Unknown Termination Cause
• User Logged Out

Session ID

A unique identifier for the session. For devices that support multiple authenticated users per port, each user on the port will have a different session ID. Sessions with an authentication type of MAC or Role Override will display "N/A."

User Name

The user name provided by the end user at login (authentication).

Received Bytes

The number of bytes received in user data frames on this port during this session. Matrix N-Series devices must be created using SNMPv3 in order to see this value. N-Series devices using SNMPv1 will display "N/A."

Transmitted Bytes

The number of bytes transmitted in user data frames on this port during this session. Matrix N-Series devices must be created using SNMPv3 in order to see this value. N-Series devices using SNMPv1 will display "N/A."

Received Frames

The number of user data frames received on this port during this session.

Transmitted Frames

The number of user data frames transmitted on this port during this session.

Start Time

The time and date when the login session started.

Duration

The duration of the user's login session, in the format D + HH:MM:SS.

Retrieve Button

Gets the device's port information and displays it in the table.

Terminate Button

Select an active session and click Terminate to end the session. If multiple sessions are selected, only active sessions will be terminated. You cannot terminate sessions on frozen ports and you cannot terminate Role Override (IP) or Role Override (MAC) sessions that were created through the CLI (command line interface). See Terminating a Session for more information.

Lock MAC Address Button

Enables MAC Locking on the selected port(s) (static MAC locking). MAC locking must be enabled on the device in order for it to be enabled on a port.

Show Only Active Sessions Checkbox

Select this checkbox to display only active sessions in the table.

Role-Based Rate Limits Tab

Role-based rate limit functionality is available only on certain devices such as the Matrix N-Series Gold and Platinum devices (refer to the Firmware Feature Support tables in the release notes for specific device/firmware rate limit support.) For more information, see Defining Role Based Rate Limits.

Violations Table
This table lists rate limit violation information for the ports on the device.

Name

The port interface name.

Index

The port index number.

Rate Limit

The rate limit that has been violated (exceeded).

Generated System Log

Indicates whether a syslog message was generated when the rate limit was first exceeded. You can specify this action on a per-rate limit basis in the rate limit General tab.

Generated Trap

Indicates whether an audit trap was generated when the rate limit was first exceeded. You can specify this action on a per-rate limit basis in the rate limit General tab.

Port Disabled

Indicates whether the port was disabled when the rate limit was first exceeded. You can specify this action on a per-rate limit basis in the rate limit General tab.

Retrieve Button

Retrieves the most recent rate limit violations information for the ports on the device.

Clear Button

Clears the violations table. If port traffic continues to exceed the rate limit, the violations will reappear in the table.

Counters Table
This table lists rate limit count information for the ports on the device.

Name

The port interface name.

Index

The port index number.

Rate Limit

The rate limit in effect on the port.

Count

The total number of the defined rate limit units (packets or bytes) received on the port.

Retrieve Button

Retrieves the most recent port count information for the device.

Clear Button

Clears the port counters table.

Related Information

• Authentication
• MAC Locking
• Getting Started with Class of Service

• How to Configure Devices
• Defining Role-Based Rate Limits
• Authentication Configuration Guide

• Authentication Tab (Device)
• General Tab (Rate Limit)