< Home

Monitoring the NAC Authentication Service

Context

In routine maintenance, you can run the following commands in any view to check whether NAC is functioning properly.

Procedure

  • Run the display access-user command to check information about NAC access users.
  • Run the display dot1x command to check information about 802.1X authentication.
  • Run the display mac-authen command to check information about MAC address authentication.
  • Run the display portal command to check information about Portal authentication.
  • Run the display portal local-server connect command to check the connection status of users to be authenticated on a built-in Portal server.
  • Run the display server-detect state command to check the status of a Portal server.
  • Run the display mac-address authen command to check MAC address entries of the authen type in the system.
  • Run the display mac-address pre-authen command to check MAC address entries of the Pre-authen type in the system.
  • Run the display ucl-group all command to check information about all UCL groups that have been created.
  • Run the display ucl-group ip command (supported only by the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731S-H, S5731-S, S5731S-S, S6720-HI, S5732-H, S6730-H, S6730S-H, S6730-S, S6730S-S, S6720-EI, and S6720S-EI) to check information about static UCL groups.
  • Run the display ucl-group domain domain-name domain-name command (supported only by the S5720-HI, S5730-HI, S5731-H, S5731S-H, S6720-HI, S5732-H, S6730-H, S6730S-H, and S6730S-HI) to check information about domain names of static UCL groups.
  • Run the display dns snooping interface enable-list command (supported only by the S5720-HI, S5730-HI, S5731-H, S5731S-H, S6720-HI, S5732-H, S6730-H, S6730S-H, and S6730S-HI) to check information about the interfaces enabled with DNS snooping.
  • Run the display dns snooping dn-ip-cache command (supported only by the S5720-HI, S5730-HI, S5731-H, S5731S-H, S6720-HI, S5732-H, S6730-H, S6730S-H, and S6730S-HI) to check information about DNS snooping IP address and domain name entries.
  • Run the display dns snooping dn-rule-list command (supported only by the S5720-HI, S5730-HI, S5731-H, S5731S-H, S6720-HI, S5732-H, S6730-H, S6730S-H, and S6730S-HI) to check information about the DNS snooping domain name rule table.
  • Run the display aaa statistics access-type-authenreq command to verify the number of authentication requests.
  • Run the display access-user-num [ interface wlan-dbss wlan-dbss-interface-id ] command to check the number of online users on a VAP.
Parent Topic: Maintaining NAC
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic