display dot1x

Function

The display dot1x command displays 802.1X authentication information.

Format

display dot1x statistics

display dot1x [ interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10> ]

Parameters

Parameter	Description	Value
statistics	Displays statistics on 802.1X authentication. The statistics about 802.1X authentication is displayed only when this parameter is specified.	-
interface { interface-type interface-number1 [ to interface-number2 ] }	Displays 802.1X authentication information of a specified interface. interface-type specifies the interface type. interface-number specifies the interface number. If this parameter is not specified, 802.1X authentication information of all interfaces is displayed.	-

Parameter

Description

Value

statistics

Displays statistics on 802.1X authentication.

The statistics about 802.1X authentication is displayed only when this parameter is specified.

interface { interface-type interface-number1 [ to interface-number2 ] }

Displays 802.1X authentication information of a specified interface.

interface-type specifies the interface type.
interface-number specifies the interface number.

If this parameter is not specified, 802.1X authentication information of all interfaces is displayed.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

You can run the display dot1x command to view configuration results of all configuration commands in 802.1X authentication and statistics about 802.1X packets.

The command output helps you to check whether the current 802.1X authentication configuration is correct and isolate faults accordingly.

Follow-up Procedure

The display dot1x command displays the statistics on 802.1X packets. You can locate the fault according to the packet statistics. When the fault is rectified, run the reset dot1x statistics command to clear the packet statistics. After a period of time, run the display dot1x command again to check the packet statistics. If no error packet is found, the fault is rectified.

Example

# Display 802.1X authentication information.

<HUAWEI> display dot1x
  Max users: 10000
  Current users: 1
  Global default domain is jqq
  Dot1x abnormal-track cache-record-num: 20
  Quiet function is Disabled
  Mc-trigger port-up-send is Disabled
  Parameter set:Quiet Period                 180s   Quiet-times          1
                Tx Period                     30s   Mac-By-Pass Delay   10s
  Dot1x URL: 123456

 GigabitEthernet0/0/1 status: UP  802.1x protocol is Enabled
  Dot1x access profile is jqq
  Authentication mode is multi-authen
  Authentication method is EAP
  Reauthentication is enabled
  Reauthen period: 300s
  Dot1x retry times: 2
  Authenticating users: 0
  Current users: 0

  Authentication Success: 0          Failure: 0
  Enter Enquence        : 0
  EAPOL Packets: TX     : 68         RX     : 0
  Sent      EAPOL Request/Identity Packets  : 3
            EAPOL Request/Challenge Packets : 0
            Multicast Trigger Packets       : 64
            EAPOL Success Packets           : 0
            EAPOL Failure Packets           : 1
  Received  EAPOL Start Packets             : 0
            EAPOL Logoff Packets            : 0
            EAPOL Response/Identity Packets : 0
            EAPOL Response/Challenge Packets: 0

 Online user(s) info:
 UserId   MAC/VLAN            AccessTime              UserName
 ------------------------------------------------------------------------------
 1047     1044-00c7-07a9/27   2018/12/06 19:27:54     jqq
 ------------------------------------------------------------------------------
 Total: 1, printed: 1

# Display 802.1X statistics.

<HUAWEI> display dot1x statistics
  Dropped   EAPOL Access Flow Control       : 0
            EAPOL Check Sysmac Error        : 0
            EAPOL Get Vlan ID Error         : 0
            EAPOL Packet Flow Control       : 0
            EAPOL Online User Reach Max     : 0
            EAPOL Static or BlackHole Mac   : 0
            EAPOL Get Vlan Mac Error        : 0
            EAPOL Temp User Exist           : 0
            EAPOL no replace dot1x          : 0  

  DHCP      Enter Enqueue                        : 0
            Processed Packet                     : 0
            Dropped Packet                       : 0

  ARP       Enter Enqueue                        : 0
            Processed Packet                     : 0
            Dropped Packet                       : 0

  ND        Enter Enqueue                        : 0
            Processed Packet                     : 0
            Dropped Packet                       : 0

  DHCPv6    Enter Enqueue                        : 0
            Processed Packet                     : 0
            Dropped Packet                       : 0

  Sent      Authentication Request               : 0
            Cut Request                          : 0
            Cut Command Ack                      : 0
            Authentication Ack Fail Aff          : 0
            Update Ip                            : 0
            Wlan Eap Authentication Request      : 0
            Wlan Eap Authentication Request Ack  : 0
            Wlan Eap Send Pmk                    : 0
            Wlan Eap Reauthenticate Send Pmk     : 0
            Update User Online Time              : 0

  Received  Authentication Ack                   : 0
            Reauthenticate Command               : 0
            Cut Command                          : 0
            Cut Ack                              : 0
            Sam Nac Ack                          : 0
            Notify Server Up                     : 0
            Wlan Eap Authentication Request      : 0
            Wlan Mac Authentication Request      : 0
            Notify Vlanif Mac Authentication     : 0

**Table 1** Description of the **display dot1x** command output
Item	Description
Max users	Maximum number of global online users, the value varies according to device models.
Current users	Number of current online users.
Global default domain is	Global default authentication domain. To configure the global default authentication domain, run the domain command.
Dot1x abnormal-track cache-record-num	Number of EAP packets for abnormal 802.1X authentication that can be recorded by the device. For details, see dot1x abnormal-track cache-record-num.
Quiet function is	Whether the quiet function is enabled. Enabled. Disabled. To configure the quiet function, run the dot1x quiet-period command.
Mc-trigger port-up-send is	Whether the function of triggering 802.1X authentication through multicast packets immediately after an interface goes Up is enabled. Enabled. Disabled. To configure the function, run the dot1x mc-trigger port-up-send enable command.
Parameter set	Settings of 802.1X parameters: Quiet Period: specifies the quiet period set by the quiet timer. To configure the quiet period, run the dot1x timer quiet-period command. Quiet-times: specifies the maximum number of authentication failures before the device quiets a user. To configure the maximum value, run the dot1x quiet-times command. Tx Period: specifies the interval for sending authentication requests. To configure the interval, run the dot1x timer tx-period command. Mac-By-Pass Delay: specifies the value of the delay timer for MAC address bypass authentication.
Dot1x URL	Redirect-to URL for HTTP access of 802.1X users. To configure the redirect-to URL, run the dot1x url command.
interface status	Interface status: UP: The interface is enabled. DOWN: The interface is shut down.
802.1x protocol is	Whether 802.1X authentication is enabled on the interface. Enabled. Disabled.
Dot1x access profile is	802.1X access profile name. To configure the 802.1X access profile name, run the dot1x-access-profile command.
Authentication mode is	User access mode. To configure the user access mode, run the authentication mode command.
Authentication method is	Authentication mode of 802.1X users. To configure the authentication mode of 802.1X users, run the dot1x authentication-method command.
Reauthentication is	Whether re-authentication is enabled for online 802.1X users. To configure the function, run the dot1x reauthenticate command.
Dot1x retry times	Maximum number of attempts to send authentication requests to 802.1X users. To configure maximum number of attempts to send authentication requests to 802.1X users, run the dot1x retry command.
Authenticating users	Number of users who are being authenticated.
Current users	Number of online users on the interface.
Authentication Success	Number of successful authentications. The statistics include statistics on online 802.1X users but not on the users using MAC address bypass authentication.
Failure	Number of failed authentications. The statistics include statistics on online 802.1X users but not on the users using MAC address bypass authentication.
Enter Enquence	Number of packets entering the queue.
EAPOL Packets	Number of globally EAPOL packets. TX: Number of sent EAPOL packets. RX: Number of received EAPOL packets.
Sent	Statistics of sent packet.
EAPOL Request/Identity Packets	Number of globally EAPOL Request/Identity packets.
EAPOL Request/Challenge Packets	Number of globally EAPOL Request/Challenge packets.
Multicast Trigger Packets	Number of multicast packets that trigger authentication.
EAPOL Success Packets	Number of globally EAPOL Success packets.
EAPOL Failure Packets	Number of globally EAPOL Failure packets.
Received	Statistics of received packet.
EAPOL Start Packets	Number of globally EAPOL Start packets.
EAPOL Logoff Packets	Number of globally EAPOL LogOff packets.
EAPOL Response/Identity Packets	Number of globally EAPOL Response/Identity packets.
EAPOL Response/Challenge Packets	Number of globally EAPOL Response/Challenge packets.
Online user(s) info	Online user information: UserId: User ID. MAC/VLAN: MAC address/VLAN ID. AccessTime: Access time. UserName: User name. Total: Total number of online users. printed: Number of displayed online users.
Dropped	Number of discarded EAP packets. EAPOL Access Flow Control: number of packets that are discarded because the user access rate is exceeded. EAPOL Check Sysmac Error: number of packets that are discarded because the device MAC address is incorrect. EAPOL Get Vlan ID Error: number of packets that are discarded because the obtained VLAN ID is incorrect. EAPOL Packet Flow Control: number of packets that are discarded because the packet access rate is exceeded. EAPOL Online User Reach Max: number of packets that are discarded because the number of online users reaches the maximum. EAPOL Static or BlackHole Mac: number of packets that are discarded because the packet MAC address is a static MAC address or blackhole MAC address. EAPOL Get Vlan Mac Error: number of packets that are discarded because the obtained VLAN MAC address is incorrect. EAPOL Temp User Exist: number of packets that are discarded because the temporary user exists. EAPOL no replace dot1x: number of EAP Start packets that are discarded due to 802.1X authentication of successfully authenticated MAC or Portal users.
DHCP	DHCP packet statistics.
ARP	ARP packet statistics.
ND	ND packet statistics.
DHCPv6	DHCPv6 packet statistics.
Processed Packet	Number of processed packets.
Dropped Packet	Number of discarded packets.
Authentication Request	Number of authentication request messages.
Cut Request	Number of logout request messages.
Cut Command Ack	Number of acknowledgment messages to logout command request messages.
Authentication Ack Fail Aff	Number of the user is disconnected after the wireless user authentication fails.
Update Ip	Number of IP address update messages.
Wlan Eap Authentication Request	Number of EAP authentication request messages initiated by the WLAN module.
Wlan Eap Authentication Request	Number of EAP authentication request messages initiated by the WLAN module.
Wlan Eap Authentication Request Ack	Number of acknowledgment messages to EAP authentication request messages initiated by the WLAN module.
Wlan Eap Send Pmk	Number of PMK messages sent when the WLAN module performs EAP authentication.
Wlan Eap Reauthenticate Send Pmk	Number of PMK messages sent when the WLAN module performs EAP re-authentication.
Update User Online Time	Number of the user online time is updated.
Authentication Ack	Number of authentication acknowledgment messages.
Reauthenticate Command	Number of re-authentication messages.
Cut Command	Number of logout command request messages.
Cut Ack	Number of acknowledgment messages to logout request messages.
Sam Nac Ack	Number of EAP messages replied by the SAM module.
Notify Server Up	Number of RADIUS server Up messages.
Wlan Mac Authentication Request	Number of MAC authentication request messages initiated by the WLAN module.
Notify Vlanif Mac Authentication	Number of MAC authentication request messages of a VLANIF interface.