September 21, 2018 After the Citrix Workspace app for Mac software is installed, the following configuration steps allow users to access their hosted applications and desktops. If you have users who connect from outside the internal network (for example, users who connect from the Internet or from remote locations), configure authentication through Citrix Gateway. Content Collaboration Service integration in Citrix Workspace app Citrix Content Collaboration enables you to easily and securely exchange documents, send large documents by email, securely handle document transfers to third parties, and access a collaboration space. Citrix Content Collaboration provides many ways to work, including a web-based interface, mobile clients, desktop apps, and integration with Microsoft Outlook and Gmail. You can access Citrix Content Collaboration functionality from the Citrix Workspace app using the Files tab displayed within Citrix Workspace app. You can view the Files tab only if Content Collaboration Service is enabled in the Workspace configuration in the Citrix Cloud console.
Note: Citrix Content Collaboration integration in Citrix Workspace app is not supported on Windows Server 2012 and Windows Server 2016 due to a security option set in the operating system. The following image displays example contents of the Files tab of the new Citrix Workspace app: Limitations:. Resetting Citrix Workspace app does not cause Citrix Content Collaboration to log off. Switching stores in Citrix Workspace app does not cause Citrix Content Collaboration to log off.
Configure USB redirection HDX USB device redirection enables redirection of USB devices to and from a user device. For example, a user can connect a flash drive to a local computer and access it remotely from within a virtual desktop or a desktop hosted application. During a session, users can plug and play devices, including Picture Transfer Protocol (PTP) devices such as digital cameras, Media Transfer Protocol (MTP) devices such as digital audio players or portable media players, point-of-sale (POS) devices and other devices such as 3D Space Mice, Scanners, Signature Pads etc. Note: Double-hop USB is not supported for desktop hosted application sessions. USB redirection is available for the following:. Windows. Linux.
Mac By default, USB redirection is allowed for certain classes of USB devices, and denied for others. You can restrict the types of USB devices made available to a virtual desktop by updating the list of USB devices supported for redirection, as described later in this section. Tip In environments where security separation between the user device and server is needed, Citrix recommends that users are informed about the types of USB devices to avoid. Optimized virtual channels are available to redirect most popular USB devices, and provide superior performance and bandwidth efficiency over a WAN. Optimized virtual channels are usually the best option, especially in high latency environments.
Note: For USB redirection purposes, Citrix Workspace app for Mac handles a SMART board the same as a mouse. The product supports optimized virtual channels with USB 3.0 devices and USB 3.0 ports, such as a CDM virtual channel used to view files on a camera or to provide audio to a headset).
The product also supports Generic USB Redirection of USB 3.0 devices connected to a USB 2.0 port. Some advanced device-specific features, such as Human Interface Device (HID) buttons on a webcam, may not work as expected with the optimized virtual channel; if this is an issue, use the Generic USB virtual channel. Certain devices are not redirected by default, and are only available to the local session. For example, it would not be appropriate to redirect a network interface card that is directly attached via internal USB. To use USB redirection:.
Connect the USB device to the device where Citrix Workspace app for Mac is installed. You will be prompted to select the available USB devices on your local system. Select the device you wish to connect and click Connect. If the connection fails, an error message appears. In the Preferences window Devices tab, the connected USB device is listed in the USB panel:. Select the type of virtual channel for the USB device, Generic or Optimized. A message is displayed.
Click to connect the USB device to your session: Use and remove USB devices Users can connect a USB device before or after starting a virtual session. When using Citrix Workspace app for Mac, the following apply:. Devices connected after a session starts immediately appear in the USB menu of the Desktop Viewer. If a USB device is not redirecting properly, sometimes you can resolve the problem by waiting to connect the device until after the virtual session has started. To avoid data loss, use the Windows Safe removal menu before removing the USB device. Configuring Enlightened Data Transport (EDT) By default, EDT is enabled in Citrix Workspace app for Mac. Citrix Workspace app for Mac reads the EDT settings as set in the default.ica file and applies it accordingly.
To disable EDT, run the following command in a terminal: defaults write com.citrix.receiver.nomas HDXOverUDPAllowed -bool NO Configure session reliability and auto client reconnect Session reliability keeps sessions active and on the user’s screen when network connectivity is interrupted. Users continue to see the application they are using until network connectivity resumes. With session reliability, the session remains active on the server. To indicate that connectivity is lost, the user’s display freezes until connectivity resumes on the other side of the tunnel. The user continues to access the display during the interruption and can resume interacting with the application when the network connection is restored.
Session reliability reconnects users without reauthentication prompts. Important Citrix Workspace app for Mac users cannot override the server setting. You can use session reliability with Transport Layer Security (TLS). Note TLS encrypts only the data sent between the user device and Citrix Gateway. Using session reliability policies The session reliability connections policy setting allows or prevents session reliability.
The session reliability timeout policy setting has a default of 180 seconds, or three minutes. Though you can extend the amount of time session reliability keeps a session open, this feature is designed to be convenient to the user and it does not, therefore, prompt the user for reauthentication. Tip As you extend the amount of time a session is kept open, chances increase that a user may get distracted and walk away from the user device, potentially leaving the session accessible to unauthorized users. Incoming session reliability connections use port 2598, unless you change the port number defined in the session reliability port number policy setting. If you do not want users to be able to reconnect to interrupted sessions without having to reauthenticate, use the Auto Client Reconnect feature. You can configure the Auto client reconnect authentication policy setting to prompt users to reauthenticate when reconnecting to interrupted sessions.
If you use both session reliability and auto client reconnect, the two features work in sequence. Session reliability closes, or disconnects, the user session after the amount of time you specify in the Session reliability timeout policy setting.
After that, the auto client reconnect policy settings take effect, attempting to reconnect the user to the disconnected session. Note Session reliability is enabled by default at the server. To disable this feature, configure the policy managed by the server. Configuring session reliability By default, session reliability is enabled. To disable session reliability:. Launch Citrix Studio.
Open the Session Reliability connections policy. Set the policy to Prohibited. Configuring session reliability timeout By default, session reliability timeout is set to 180 seconds. Note: Session reliability timeout policy can be configured only with XenApp/XenDesktop 7.11 and later. To modify session reliability timeout:. Launch Citrix Studio. Open the Session reliability timeout policy.
Edit the timeout value. Configuring auto client reconnection By default, auto client reconnection is enabled. To disable auto client reconnection:. Launch Citrix Studio.
Open the Auto client reconnect policy. Set the policy to Prohibited. Configuring Auto client reconnection timeout By default, Auto client reconnection timeout is set to 120 seconds.
Note: Auto client reconnect timeout policy can be configured only with XenApp/XenDesktop 7.11 and later. To modify auto client reconnect timeout:.
Launch Citrix Studio. Open the Auto client reconnect policy.
Edit the timeout value. Limitations: On a Terminal Server VDA, Citrix Workspace app for Mac uses 120 seconds as timeout value irrespective of the user settings. Configuring the Reconnect user interface transparency level The Session User Interface is displayed during a session reliability and auto client reconnect attempts. The transparency level of the user interface can be modified using Studio policy. By default, Reconnect UI transparency is set to 80%. To modify Reconnect user interface transparency level:.
Launch Citrix Studio. Open the Reconnect UI transparency level policy. Edit the value. Auto client reconnect and session reliability interaction Mobility challenges associated with switching between various access points, network disruptions and display timeouts related to latency create challenging environments when trying to maintain link integrity for active Citrix Workspace app for Mac sessions. To resolve this issue, Citrix enhanced session reliability and auto reconnection technologies present in this version of Workspace app for Mac.
Auto client reconnection, along with session reliability, allows users to automatically reconnect to their Citrix Workspace app for Mac sessions after recovering from network disruptions. These features, enabled by policies in Citrix Studio, can be used to vastly improve the user experience. Note: Auto client reconnection and session reliability timeout values can be modified using the default.ica file in StoreFront. Auto client reconnection Auto client reconnection can be enabled or disabled using Citrix Studio policies. By default, this feature is enabled. For information about modifying this policy, see the auto client reconnection section earlier in this article.
Use the default.ica file in StoreFront to modify the connection timeout for AutoClientReconnect; by default, this timeout is set to 120 seconds (or two minutes). Setting Example Default TransportReconnectRetryMaxTimeSeconds TransportReconnectRetryMaxTimeSeconds=60 120 Session reliability Session reliability can be enabled or disabled using Citrix Studio policies. By default, this feature is enabled. Use the default.ica file in StoreFront to modify the connection timeout for session reliability; by default, this timeout is set to 180 seconds (or three minutes). Setting Example Default SessionReliabilityTTL SessionReliabilityTTL=120 180 How auto client reconnection and session reliability works When auto client reconnection and session reliability are enabled for a Citrix Workspace app for Mac, consider the following:. A session window is greyed out when a reconnection is in progress; a countdown timer displays the amount of time remaining before the session is reconnected. Once a session is timed out, it is disconnected.
By default, the reconnect countdown timer notification starts at 5 minutes; this time value represents the combined default values for each of the timers (auto client reconnection and session reliability), 2 and 3 minutes respectively. The image below illustrates the countdown timer notification which appears in the upper right portion of the session interface: Tip You can alter the greyscale brightness used for an inactive session using a command prompt.
For example, defaults write com.citrix.receiver.nomas NetDisruptBrightness 80. By default, this value is set to 80.
The maximum value cannot exceed 100 (indicates a transparent window) and the minimum value can be set to 0 (a fully blacked out screen). Users are notified when a session successfully reconnects (or when a session is disconnected). This notification appears in the upper right portion of the session interface:.
A session window which is under auto client reconnect and session reliability control provides an informational message indicating the state of the session connection. Click Cancel Reconnection to move back to an active session. Configuring CEIP CEIP is scheduled to collect and securely upload data to Citrix at an interval of 7 days by default. You can change your participation in CEIP anytime using the Citrix Workspace app for Mac Security Preferences screen.
Tip When CEIP is disabled, minimal information containing only the installed Citrix Workspace app for Mac version is uploaded; this happens only once. This minimal information is valuable to Citrix because it provides the distribution of different versions used by customers. This happens only once as soon as CEIP is disabled. To disable CEIP, or to forego participation:. In the Preferences window, select Security and Privacy. Select the Privacy tab.
Change the appropriate radio button. For example, to disable CEIP, click “ No, Thanks.”. Click OK. Configure your application delivery When delivering applications with Citrix Virtual Apps and Desktops, consider the following options to enhance the experience for your users when they access their applications: Web access mode Without any configuration, Citrix Workspace app for Mac provides web access mode: browser-based access to applications and desktops. Users simply open a browser to a Workspace for Web or Web Interface site and select and use the applications that they want.
In web access mode, no app shortcuts are placed in the App Folder on your user’s device. Self-service mode By adding a StoreFront account to Citrix Workspace app for Mac or configuring Citrix Workspace app for Mac to point to a StoreFront site, you can configure self-service mode, which enables your users to subscribe to applications through Citrix Workspace app for Mac. This enhanced user experience is similar to that of a mobile app store. In self-service mode you can configure mandatory, auto-provisioned, and featured app keyword settings as needed.
When one of your users selects an application, a shortcut to that application is placed in the App Folder on the user device. When accessing a StoreFront 3.0 site, your users see the Citrix Workspace app for Mac Tech Preview user experience. When publishing applications on your Citrix Virtual Apps farms, to enhance the experience for users accessing those applications through StoreFront stores, ensure that you include meaningful descriptions for published applications. The descriptions are visible to your users through Citrix Workspace app for Mac.
Configure self-service mode As mentioned previously, by adding a StoreFront account to Citrix Workspace app for Mac or configuring Citrix Workspace app for Mac to point to a StoreFront site, you can configure self-service mode, which allows users to subscribe to applications from the Citrix Workspace app for Mac user interface. This enhanced user experience is similar to that of a mobile app store. In self-service mode, you can configure mandatory, auto-provisioned and featured app keyword settings as needed.
To automatically subscribe all users of a store to an application, append the string KEYWORDS:Auto to the description you provide when you publish the application in Citrix Virtual Apps. When users log on to the store, the application is automatically provisioned without the need for users to manually subscribe to the application. To advertise applications to users or make commonly used applications easier to find by listing them in the Citrix Workspace app for Mac Featured list, append the string KEYWORDS:Featured to the application description. For more information, see the documentation. If the Web Interface of your Citrix Virtual Apps deployment does not have a XenApp Services site, create a site. The name of the site and how you create the site depends on the version of the Web Interface you have installed.
For more information, see the documentation. Configure StoreFront With StoreFront, the stores you create consist of services that provide authentication and resource delivery infrastructure for Citrix Workspace app for Mac. Create stores that enumerate and aggregate desktops and applications from Citrix Virtual Apps and Desktops sites and Citrix Virtual Apps farms, making these resources available to users.
Install and configure StoreFront. For more information, see the documentation. Note: For administrators who need more control, Citrix provides a template you can use to create a download site for Citrix Workspace app for Mac. Configure stores for CloudGateway just as you would for other Citrix Virtual Apps and Desktops applications. No special configuration is needed for Citrix Workspace app for Mac. For more information, see Configuring Stores in the documentation.
Provide users with account information After installation, you must provide users with the account information they need to access their hosted applications and desktops. You can provide this information by:. Configuring email-based account discovery. Providing users with a provisioning file. Providing users with an auto-generated setup URL.
Providing users with account information to enter manually Configuring email-based account discovery You can configure Citrix Workspace app for Mac to use email-based account discovery. When configured, users enter their email address rather than a server URL during initial Citrix Workspace app for Mac installation and configuration.
Citrix Workspace app for Mac determines the Citrix Gateway, or StoreFront server associated with the email address based on Domain Name System (DNS) Service (SRV) records and then prompts the user to log on to access their hosted applications and desktops. To configure your DNS server to support email-based discovery, see the topic Configuring Email-based Account Discovery in the StoreFront documentation. To configure Citrix Gateway to accept user connections by using an email address to discover the StoreFront, Citrix Gateway, see Connecting to StoreFront by Using Email-Based Discovery in the Citrix Gateway documentation. Provide users with a provisioning file You can use StoreFront to create provisioning files containing connection details for accounts. You make these files available to your users to enable them to configure Citrix Workspace app for Mac automatically. After installing Citrix Workspace app for Mac, users simply open the file to configure Citrix Workspace app for Mac.
If you configure Workspace for Web sites, users can also obtain Citrix Workspace app for Mac provisioning files from those sites. For more information, see the documentation. Provide users with an auto-generated setup URL You can use the Citrix Workspace app for Mac Setup URL Generator to create a URL containing account information. After installing Citrix Workspace app for Mac, users simply click on the URL to configure their account and access their resources. Use the utility to configure settings for accounts and email or post that information to all your users at once. Provide users with account information to enter manually If providing users with account details to enter manually, ensure you distribute the following information to enable them to connect to their hosted and desktops successfully:.
The URL for the StoreFront store or XenApp Services site hosting resources; for example:. For access using Citrix Gateway: the Citrix Gateway address, product edition, and required authentication method For more information about configuring Citrix Gateway, see the Citrix Gateway documentation. When a user enters the details for a new account, Citrix Workspace app for Mac attempts to verify the connection. If successful, Citrix Workspace app for Mac prompts the user to log on to the account. Configuring auto-update Configuring using the graphical user interface An individual user can override the Citrix Workspace Updates setting using the Preferences dialog. This is a per-user configuration and the settings apply only to the current user.
Go to the Preferences dialog in Citrix Workspace app for Mac. In the Advanced pane, click Auto Update.
The Citrix Workspace Updates dialog appears. Select one of the following options:.
Yes, notify me. No, don’t notify me. Use administrator specified settings. Close the dialog box to save the changes. Configuring Citrix Workspace Updates using StoreFront Administrators can configure Citrix Workspace Updates using StoreFront. Citrix Workspace app for Mac only uses this configuration for users who have selected “Use administrator specified settings.” To manually configure it, follow the steps below.
Use a text editor to open the web.config file. The default location is C: inetpub wwwroot Citrix Roaming web.config. Locate the user account element in the file (Store is the account name of your deployment) For example: Before the tag, navigate to the properties of that user account:. Add the auto-update tag after tag. Auto-update-Check This determines that Citrix Workspace app for Mac can detect if updates are available.
Valid values:. Auto – Use this option to get notifications when updates are available. Manual – Use this option to not get any notification when updates are available.
Users need to check manually for updates by selecting Check for Updates. Disabled – Use this option to disable Citrix Workspace Updates. Auto-update-DeferUpdate-Count This determines the number of times the end user will be notified to upgrade before they are forced to update to the latest version of Citrix Workspace app for Mac. By default, this value is 7. Valid values:.1 – The end user will always have the option of getting reminded later when an update is available. 0 – The end user will be forced to update to the latest version of Citrix Workspace app for Mac as soon as the update is available. Positive integer – The end user will be reminded this many number of times before being forced to update.
Citrix recommends not to set this value higher than 7. Auto-update-Rollout-Priority This determines how quickly a device will see that an update is available. Valid values:. Auto – The Citrix Workspace Updates system will decide when available updates are rolled out to users.
Fast – Available updates will be rolled out to users on high priority as determined by Citrix Workspace app for Mac. Medium – Available updates will be rolled out to users on medium priority as determined by Citrix Workspace app for Mac. Slow – Available updates will be rolled out to users on low priority as determined by Citrix Workspace app for Mac. Configuring the enhanced client IME using the configuration file The enhanced client IME is dependent on the keyboard layout synchronization feature. By default, the enhanced IME feature is enabled when the keyboard layout synchronization feature is turned on. To control this feature alone, open the Config file in the / Library/ Application Support/ Citrix Workspace/ folder, locate the “ EnableIMEEnhancement” setting and turn the feature on or off by setting the value to “true” or “false,” respectively.
Note: The setting change takes effect after restarting the session. Keyboard layout synchronization Keyboard layout synchronization enables users to switch among preferred keyboard layouts on the client device. This feature is disabled by default. To enable keyboard layout synchronization, go to Preferences Keyboard and select “Use local keyboard layout, rather than the remote server keyboard layout.” Note:. Using the local keyboard layout option activates the client IME (Input Method Editor). If users working in Japanese, Chinese or Korean prefer to use the server IME, they must disable the local keyboard layout option by clearing the option in Preferences Keyboard. The session will revert to the keyboard layout provided by the remote server when they connect to the next session.
The feature works in the session only when the toggle in the client is turned on and the corresponding feature enabled on the VDA; a menu item,“ Use Client Keyboard Layout,” in Devices Keyboard International is added to show the enabled state. Limitations:. Using the keyboard layouts listed in “ Supported Keyboard Layouts in Mac” works while using this feature. When you change the client keyboard layout to a non-compatible layout, the layout might be synced on the VDA side, but functionality cannot be confirmed. Remote applications that run with elevated privileges (for example, running applications as an administrator) can’t be synchronized with the client keyboard layout.
To work around this issue, manually change the keyboard layout on the VDA or disable UAC. When RDP is deployed as an application and the user is working within an RDP session, it is not possible to change the keyboard layout using the Alt + Shift shortcuts.
To work around this issue, users can use the language bar in the RDP session to switch the keyboard layout. Language bar You can choose to show or hide the remote language bar in an application session using the graphical user interface. The language bar displays the preferred input language in a session. In earlier releases, you might change this setting using only the registry keys on the VDA. Starting with Citrix Workspace for Mac version 1808, you can change the settings using the Preferences dialog. The language bar appears in a session by default.
Note: This feature is available in sessions running on VDA 7.17 and later. Configure showing or hiding the remote language bar. Open Preferences.
Click Keyboard. Click or unclick Show the remote language bar for the published applications. Note: The setting changes take effect immediately. You can change the settings in an active session.
The remote language bar does not appear in a session if there is only one input language. The official version of this content is in English. Some of the Citrix documentation content is machine translated for your convenience only.
Citrix has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Citrix product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Citrix, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Citrix will not be held responsible for any damage or issues that may arise from using machine-translated content.
. Configure a local username and password on the switch. Ensure that the VLANs are configured on the switch and that the appropriate port assignments have been made if you plan to use multiple VLANs with MAC authentication.
Ping the switch console interface to ensure that the switch is able to communicate with the RADIUS server you are configuring to support MAC authentication. Configure the switch with the correct IP address and encryption key to access the RADIUS server. Configure the switch for MAC authentication with the ports you will be using. Test both the authorized and unauthorized access to your system to ensure that MAC authentication works properly on the ports you have chosen to configure for port-access. Configuring the global MAC authentication password MAC authentication requires that only a single entry containing the username and password is placed in the user database with the device's MAC address. This creates an opportunity for malicious device spoofing.
The global password option configures a common MAC authentication password to use for all MAC authentications sent to the RADIUS server. This makes spoofing more difficult. It is important that when implementing the global MAC authentication password option, that the user database on the RADIUS server has this password as the password for each device performing MAC authentication.
Aaa port-access mac-based addr-format Specifies the MAC address format used in the RADIUS request message. This format must match the format used to store the MAC addresses in the RADIUS server. Default: no-delimiter no-delimiter: specifies an aabbccddeeff format. Single-dash: specifies an aabbcc-ddeeff format. Multi-dash: specifies an aa-bb-cc-dd-ee-ff format. Multi-colon: specifies an aa:bb:cc:dd:ee:ff format.
No-delimiter-uppercase: specifies an AABBCCDDEEFF format. Single-dash-uppercase: specifies an AABBCC-DDEEFF format multi-dash-uppercase: specifies an AA-BB-CC-DD-EE-FF format multi-colon-uppercase: specifies an AA:BB:CC:DD:EE:FF format. no aaa port-access mac-based e addr-moves Allows client moves between the specified ports under MAC authenticated control. When enabled, the switch allows addresses to move without requiring a re-authentication. When disabled, the switch does not allow moves and when one occurs, the user will be forced to re-authenticate. At least two ports (from ports and to ports) must be specified.
Use the no form of the command to disable MAC address moves between ports under MAC authenticated control. Default: Disabled – no moves allowed. Configuring custom messages for failed logins This feature allows administrators to configure custom messages that are displayed when authentication with the RADIUS server fails. The messages are appended to existing internal web pages that display during the authentication process.
Messages can be configured using the CLI, or centrally using the RADIUS server, and can provide a description of the reason for a failure as well as possible steps to take to resolve the authentication issue. There is no change to the current web-based authentication functionality. Specifies the text message (ASCII string) shown on the web page after an unsuccessful login attempt. The message must be enclosed in quotes.
The no form of the command means that no message is displayed upon failure to authenticate. Default: The internal web page is used.
No message will be displayed upon authentication failure. Access-denied-str: The text message that is appended to the end of the web page when there is an unsuccessful authentication request. The string can be up to 250 ASCII characters.
Radius-response: Use the text message provided in the RADIUS server response to the authentication request. When the redirect feature is enabled, a client that fails MAC authentication is moved into the unauthorized MAC authentication redirection state.
A client in the redirect state (having failed MAC authentication) with a web browser open sends a DHCP request. The switch responds with a DHCP lease for an address in the switch configurable DHCP address range. Additionally, the switch IP address becomes the client’s default gateway. All ARP/DNS requests are handled by the switch and all requests are directed to the switch. The switch replies to these requests with its own address. The client requests a web page. The switch takes this request and responds to the client browser with an HTTP redirect to the configured URL.
Reauthenticate Port(s For Mac Os
The client MAC address and interface port are appended as HTTP parameters. Before returning the initial registration page to the client, the switch enables NAT so that all subsequent requests will go to the web server directly. The initial HTML page is returned to the switch and then proxied to the client. After the registration process completes, the registration server updates the RADIUS server with the client’s username, password, and profile. The client remains in the redirect state until the client’s time exceeds the configured timeout or the switch receives an SNMP deauthentication request from the registration server. The registration server sends an SNMP request to the switch with the MAC identification and interface port to reauthenticate or deauthenticate the client. The switch moves the client out of the special web-based/MAC authentication redirect state and the client becomes unknown to the switch again.
This sets the stage for a new MAC authentication cycle. Using the restrictive-filter option The restrictive-filter option allows the switch to reply to all HTTP requests to the switch IP address with an HTTP-redirect containing the URL of the registration server. It is used when there is no registration process and only a warning or informational page is displayed to the client. If SSL is not configured, the switch verifies that the MAC address and interface port parameters are present.
If SSL is enabled, the switch ensures that the HTTP request is to the registration server’s destination IP address. The show command displays the HTTP redirect configuration. Number of authorized and unauthorized clients.
VLAN ID number of the untagged VLAN used. If the switch supports MAC (untagged) VLANs, MACbased is displayed to show that multiple untagged VLANs are configured for authentication sessions. If tagged VLANs (statically configured or RADIUS-assigned) are used ( Yes or No.). If client-specific per-port CoS (Class of Service) values are configured ( Yes or No) or the numerical value of the CoS (802.1p priority) applied to all inbound traffic. For client-specific per-port CoS values, enter the show port-access web-based clients detailed command.
If per-port rate-limiting for inbound traffic is applied ( Yes or No) or the percentage value of the port's available bandwidth applied as a rate-limit value. If RADIUS-assigned ACLs are applied. Information on ports not enabled for MAC authentication is not displayed.
Show port-access mac-based clients port-list Displays the session status, name, and address for each MAC authenticated client on the switch. The IP address displayed is taken from the DHCP binding table (learned through the DHCP Snooping feature). If DHCP snooping is not enabled on the switch, n/a (not available) is displayed for a client's IP address. If a MAC-authenticated client uses an IPv6 address, n/a - IPv6 is displayed.
If DHCP snooping is enabled but no MAC-to-IP address binding for a client is found in the DHCP binding table, n/a - no info is displayed. This syntax shows session status, name, and address for each web-based authenticated client on the switch. The IP address displayed is taken from the DHCP binding table, learned through DHCP snooping.The following can appear if the client's IP address is not available: n/a — DHCP snooping is not enabled on the switch; n/a is displayed for a client's IP address. N/a-IPv6 — a web-based authenticated client uses an IPv6 address. N/a-no info — DHCP snooping is enabled but no MAC-to-IP address binding for a client is found in the DHCP binding table.
Invalid credentials supplied. RADIUS Server difficulties. See log file. Timed out-no vlan No network access RADIUS request timed out.
Reauthenticate Port(s For Mac Free
If unauth-vid is specified it cannot be successfully applied to the port. An authorized client on the port has precedence. Credentials resubmitted after quiet-period expires. Timed out-unauth vlan Unauthorized VLAN only RADIUS request timed out. After the quiet-period expires credentials are resubmitted when client generates traffic. Unauthenticated Switch only Waiting for user credentials.