< Home

display access-user

Function

The display access-user command displays information about NAC access users.

Format

display access-user service-scheme service-scheme

display access-user access-type static

display access-user access-type { dot1x | mac-authen | portal | none } [ wired | wireless ]

display access-user event { pre-authen | authen-fail | client-no-response | authen-server-down }

display access-user ucl-group { group-index | name ucl-group-name } [ detail ]

display access-user option82 { circuit-id text | remote-id text }

Only the S5730-HI, S5731-H, S5731S-H, S6730-H, S6730S-H, S5732-H, S6720-HI, and S5720-HI support the wireless parameter.

Parameters

Parameter

Description

Value
service-scheme service-scheme

Displays information about users assigned with a specified service scheme.

The value must be the name of an existing service scheme.
access-type

Displays information about users using a specified authentication mode.

-
dot1x

Displays information about users who pass 802.1X authentication.

-
mac-authen

Displays information about users who pass MAC address authentication.

-
portal

Displays information about users who pass Portal authentication.

-
none

Displays information about users whose AAA scheme is non-authentication.

-
static

Displays static user information.

-
event

Displays information about users in a specified authentication phase.

-
pre-authen

Displays information about users in the pre-connection phase.

-
authen-fail

Displays information about users who fail to be authenticated and are assigned network access policies when the authentication server sends authentication failure packets to the device.

-
client-no-response

Displays information about 802.1X authentication users who fail to be authenticated and are assigned network access policies when the 802.1X client does not respond.

-
authen-server-down

Displays information about users who fail to be authenticated due to the Down status of the authentication server and are assigned network access policies.

-
ucl-group

Displays information about users in a specified UCL group.

-
group-index

Specifies the index of a UCL group.

The value must be an existing UCL group index.
name ucl-group-name

Specifies the name of a UCL group.

The value must be an existing UCL group name.
detail

Displays detailed user information.

-
option82

Displays information about MAC address authentication users who use the Option 82 field as user names.

-
circuit-id text

Displays information about MAC address authentication users who specify the circuit ID as user names.

The value must be existing circuit-id information.
remote-id text

Displays information about MAC address authentication users who specify the remote ID as user names.

The value must be existing remote-id information.
wired

Displays information about wired users.

-
wireless

Displays information about wireless users.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run this command to check information about online NAC users.

Example

# Display information about users who are assigned the service scheme huawei.
<HUAWEI> display access-user service-scheme huawei
 ------------------------------------------------------------------------------ 
 UserID Username                IP address       MAC            Status          
 ------------------------------------------------------------------------------ 
 16018  zqm                     10.12.12.254     78ac-c0c2-0175 Pre-authen      
 ------------------------------------------------------------------------------ 
 Total: 1, printed: 1
# Display information about users in the pre-connection phase.
<HUAWEI> display access-user event pre-authen
 ------------------------------------------------------------------------------ 
 UserID Username                IP address       MAC            Status          
 ------------------------------------------------------------------------------ 
 16018  zqm                     10.12.12.254     78ac-c0c2-0175 Pre-authen      
 ------------------------------------------------------------------------------ 
 Total: 1, printed: 1

Only letters, digits, and special characters can be displayed for username.

When the value of username contains special characters or characters in other languages except English, the device displays dots (.) for these characters. If there are more than three such consecutive characters, three dots (.) are displayed. Here, the special characters are the ASCII codes smaller than 32 (space) or larger than 126 (~).

When the value of username is longer than 20 characters, the device displays up to three dots (.) for the characters following 19; that is, only 22 characters are displayed.

Table 1 Description of the display access-user command output

Item

Description
UserID ID automatically allocated to an online user by the device.
Username User name.
IP address User IP address.

When both IPv4 and IPv6 addresses exist, only the IPv4 address is recorded.

When only IPv6 addresses exist, only the latest updated IPv6 address is recorded.
MAC User MAC address.
Status User status.
  • Open: For a wired user, the user goes online through the open function upon authentication failure. For wireless users, no authentication is performed.
  • Success: authentication is successful
  • Pre-authen: pre-authentication
  • Client-no-resp: the client does not respond
  • Fail-authorized: authorization upon authentication failure
  • Web-server-down: web server is Down
  • Aaa-server-down: AAA server is Down
Parent Topic: NAC Configuration Commands (Unified Mode)
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >