< Home

display dot1x

Function

The display dot1x command displays 802.1X authentication information.

Format

display dot1x statistics

display dot1x [ interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10> ]

Parameters

Parameter

Description

Value

statistics

Displays statistics on 802.1X authentication.

The statistics about 802.1X authentication is displayed only when this parameter is specified.

-

interface { interface-type interface-number1 [ to interface-number2 ] }

Displays 802.1X authentication information on a specified interface.

  • interface-type specifies the interface type.
  • interface-number specifies the interface number.

802.1X authentication information on all device interfaces is displayed if this parameter is not specified.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

You can run the display dot1x command to view configuration results of all configuration commands in 802.1X authentication and statistics about 802.1X packets.

The command output helps you to check whether the current 802.1X authentication configuration is correct and isolate faults accordingly.

Follow-up Procedure

The display dot1x command displays the statistics on 802.1X packets. You can locate the fault according to the packet statistics. When the fault is rectified, run the reset dot1x statistics command to clear the packet statistics. After a period of time, run the display dot1x command again to check the packet statistics. If no error packet is found, the fault is rectified.

Example

# Display 802.1X authentication information.

<HUAWEI> display dot1x
  Global 802.1x is Enabled
  Authentication method is CHAP
  Max users: 1024
  Current users: 1
  DHCP-trigger is Disabled
  Handshake is Enabled
  Quiet function is Enabled
  Mc-trigger port-up-send is Disabled
  Parameter set:Dot1x Handshake Period        16s   Reauthen Period     60s
                Arp Handshake Period           0s   Client Timeout      10s
                Quiet Period                 600s   Quiet-times          2
                Eth-Trunk Handshake Period   120s   Tx Period           30
                Mac-By-Pass Delay             30s
  Dot1x URL: www.***.com.cn
  Free-ip configuration(IP/mask):    192.168.1.0     /255.255.255.0
 GigabitEthernet0/0/3 status: UP  802.1x protocol is Enabled
  Port control type is Auto
  Authentication mode is MAC-based
  Authentication method is CHAP
  Reauthentication is disabled
  Dot1x retry times: 2
  Authenticating users: 1
  Current users: 1

  Authentication Success: 1          Failure: 0
  Enter Enquence        : 0
  EAPOL Packets: TX     : 19         RX     : 0
  Sent      EAPOL Request/Identity Packets       : 1
            EAPOL Request/Challenge Packets      : 0
            Multicast Trigger Packets            : 18
            EAPOL Success Packets                : 0
            EAPOL Failure Packets                : 0
  Received  EAPOL Start Packets                  : 0
            EAPOL Logoff Packets                 : 0
            EAPOL Response/Identity Packets      : 0
            EAPOL Response/Challenge Packets     : 0

 Online user(s) info:
 UserId   MAC/VLAN            AccessTime              UserName
 ------------------------------------------------------------------------------
 17487    000c-2952-fd80/34   2018/07/30 09:49:15     lss
 ------------------------------------------------------------------------------
 Total: 1, printed: 1
# Display 802.1X statistics.
<HUAWEI> display dot1x statistics
  Dropped   EAPOL Access Flow Control       : 0
            EAPOL Check Sysmac Error        : 0
            EAPOL Get Vlan ID Error         : 0
            EAPOL Packet Flow Control       : 0
            EAPOL Online User Reach Max     : 0
            EAPOL Static or BlackHole Mac   : 0
            EAPOL Get Vlan Mac Error        : 0
            EAPOL Temp User Exist           : 0
            EAPOL no replace dot1x          : 0  

  DHCP      Enter Enqueue                        : 0
            Processed Packet                     : 0
            Dropped Packet                       : 0

  ARP       Enter Enqueue                        : 0
            Processed Packet                     : 0
            Dropped Packet                       : 0

  ND        Enter Enqueue                        : 0
            Processed Packet                     : 0
            Dropped Packet                       : 0

  DHCPv6    Enter Enqueue                        : 0
            Processed Packet                     : 0
            Dropped Packet                       : 0

  Sent      Authentication Request               : 0
            Cut Request                          : 0
            Cut Command Ack                      : 0
            Authentication Ack Fail Aff          : 0
            Update Ip                            : 0
            Wlan Eap Authentication Request      : 0
            Wlan Eap Authentication Request Ack  : 0
            Wlan Eap Send Pmk                    : 0
            Wlan Eap Reauthenticate Send Pmk     : 0
            Update User Online Time              : 0

  Received  Authentication Ack                   : 0
            Reauthenticate Command               : 0
            Cut Command                          : 0
            Cut Ack                              : 0
            Sam Nac Ack                          : 0
            Notify Server Up                     : 0
            Wlan Eap Authentication Request      : 0
            Wlan Mac Authentication Request      : 0
            Notify Vlanif Mac Authentication     : 0
Table 1 Description of the display dot1x command output

Item

Description

Global 802.1x is Enabled

802.1X authentication is enabled globally.

To enable 802.1X authentication, run the dot1x enable command.

Authentication method is CHAP

CHAP authentication is enabled. The authentication methods include EAP, CHAP, and PAP

To enable CHAP authentication, run the dot1x authentication-method command.

Max users

Maximum number of global online users, the value varies according to device models.

To set the maximum number of global online users, run the dot1x max-user command.

Current users

Number of current online users.

DHCP-trigger is Disabled

Authentication triggering through DHCP packets is disabled.

To trigger authentication using DHCP packets, run the dot1x dhcp-trigger command.

Handshake is Enabled

The handshake function is enabled for online users.

Quiet function is Disabled

The quiet function is disabled for users.

To enable the quiet function, run the dot1x quiet-period command.

Mc-trigger port-up-send is Disabled

The function of triggering 802.1X authentication through multicast packets immediately after an interface goes Up is disabled.

To configure the function, run the dot1x mc-trigger port-up-send enable command.

Parameter set

Settings of 802.1X authentication parameters.

Dot1x Handshake Period

Handshake interval between the device and 802.1X authentication client connected to a non-Eth-Trunk interface.

To set the handshake interval, run the dot1x timer command.

Reauthen Period

Re-authentication interval.

To set the re-authentication interval, run the dot1x timer command.

Arp Handshake Period

Handshake interval of the device with pre-connection users and authorized users.

Client Timeout

Timeout interval of a client.

To set the timeout interval of a client, run the dot1x timer command.

Quiet Period

Value of the quiet timer.

To set the value of the quiet timer, run the dot1x timer command.

Quiet-times

Maximum number of authentication failures before an 802.1X user enters the quiet state.

To set the maximum number of authentication failures, run the dot1x quiet-times command.

Eth-Trunk Handshake Period

Handshake interval between the device and 802.1X authentication client connected to an Eth-Trunk.

To set the handshake interval, run the dot1x timer command.

Tx Period

The interval for sending authentication requests.

To set the timeout interval of a client, run the dot1x timer command.

Mac-By-Pass Delay

The value of the delay timer for MAC address bypass authentication.

To set the timeout interval of a client, run the dot1x timer command.

Dot1x URL

Redirect-to URL.

To set the redirect-to URL, run the dot1x url command.

Free-ip configuration(IP/mask)

Free IP subnet.

To set the free IP subnet, run the dot1x free-ip command.

GigabitEthernet0/0/1 state

State of an interface.

  • UP: The interface is started.
  • DOWN: The interface is shut down.

802.1x protocol is Enabled[mac-bypass]

802.1X authentication is enabled on the interface. To enable 802.1X authentication, run the dot1x enable command.

To configure MAC address bypass authentication, run the dot1x mac-bypass command. If MAC address bypass authentication is configured, [mac-bypass] is displayed.

Port control type is Auto

The control mode on the interface is auto for 802.1X authentication user access. The access control modes include auto, authorized-force, and unauthorized-force.

To set the control mode, run the dot1x port-control command.

Authentication mode is MAC-based

The MAC address-based authentication method is used on the interface.

To set the authentication method on the interface, run the dot1x port-method command.

Reauthentication is disabled

802.1x user re-authentication is disabled on the interface.

To enable 802.1X user re-authentication, run the dot1x reauthenticate command.

Dot1x retry times

Maximum number of times an authentication request is sent to an 802.1X user.

To set the maximum number of times an authentication request is sent to an 802.1X user, run the dot1x retry command.

Authenticating users

Number of users who are being authenticated.

Current users

Number of current online users on the interface.

Authentication Success

Number of successful authentications.

The statistics include statistics on online 802.1X users but not on the users using MAC address bypass authentication.

Failure

Number of failed authentications.

The statistics include statistics on online 802.1X users but not on the users using MAC address bypass authentication.

Enter Enquence

Number of packets entering the queue.

EAPOL Packets

Number of globally EAPOL packets.

  • TX: Number of sent EAPOL packets.
  • RX: Number of received EAPOL packets.

Sent

Statistics of sent packet.

EAPOL Request/Identity Packets

Number of globally EAPOL Request/Identity packets.

EAPOL Request/Challenge Packets

Number of globally EAPOL Request/Challenge packets.

Multicast Trigger Packets

Number of multicast packets that trigger authentication.

EAPOL Success Packets

Number of globally EAPOL Success packets.

EAPOL Failure Packets

Number of globally EAPOL Failure packets.

Received

Statistics of received packet.

EAPOL Start Packets

Number of globally EAPOL Start packets.

EAPOL Logoff Packets

Number of globally EAPOL LogOff packets.

EAPOL Response/Identity Packets

Number of globally EAPOL Response/Identity packets.

EAPOL Response/Challenge Packets

Number of globally EAPOL Response/Challenge packets.

Online user(s) info

Online user information:

  • UserId: User ID.
  • MAC/VLAN: MAC address/VLAN ID.
  • AccessTime: Access time.
  • UserName: User name.
  • Total: Total number of online users.
  • printed: Number of displayed online users.

Dropped
Number of discarded EAP packets.
  • EAPOL Access Flow Control: number of packets that are discarded because the user access rate is exceeded.
  • EAPOL Check Sysmac Error: number of packets that are discarded because the device MAC address is incorrect.
  • EAPOL Get Vlan ID Error: number of packets that are discarded because the obtained VLAN ID is incorrect.
  • EAPOL Packet Flow Control: number of packets that are discarded because the packet access rate is exceeded.
  • EAPOL Online User Reach Max: number of packets that are discarded because the number of online users reaches the maximum.
  • EAPOL Static or BlackHole Mac: number of packets that are discarded because the packet MAC address is a static MAC address or blackhole MAC address.
  • EAPOL Get Vlan Mac Error: number of packets that are discarded because the obtained VLAN MAC address is incorrect.
  • EAPOL Temp User Exist: number of packets that are discarded because the temporary user exists.
  • EAPOL no replace dot1x: number of EAP Start packets that are discarded due to 802.1X authentication of successfully authenticated MAC or Portal users.

DHCP

DHCP packet statistics.

ARP

ARP packet statistics.

ND

ND packet statistics.

DHCPv6

DHCPv6 packet statistics.

Processed Packet

Number of processed packets.

Dropped Packet

Number of discarded packets.

Authentication Request

Number of authentication request messages.

Cut Request

Number of logout request messages.

Cut Command Ack

Number of acknowledgment messages to logout command request messages.

Authentication Ack Fail Aff

Number of the user is disconnected after the wireless user authentication fails.

Update Ip

Number of IP address update messages.

Wlan Eap Authentication Request

Number of EAP authentication request messages initiated by the WLAN module.

Wlan Eap Authentication Request Ack

Number of acknowledgment messages to EAP authentication request messages initiated by the WLAN module.

Wlan Eap Send Pmk

Number of PMK messages sent when the WLAN module performs EAP authentication.

Wlan Eap Reauthenticate Send Pmk

Number of PMK messages sent when the WLAN module performs EAP re-authentication.

Update User Online Time

Number of the user online time is updated.

Authentication Ack

Number of authentication acknowledgment messages.

Reauthenticate Command

Number of re-authentication messages.

Cut Command

Number of logout command request messages.

Cut Ack

Number of acknowledgment messages to logout request messages.

Sam Nac Ack

Number of EAP messages replied by the SAM module.

Notify Server Up

Number of RADIUS server Up messages.

Wlan Mac Authentication Request

Number of MAC authentication request messages initiated by the WLAN module.

Notify Vlanif Mac Authentication

Number of MAC authentication request messages of a VLANIF interface.
Parent Topic: NAC Configuration Commands (Common Mode)
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >