display mac-authen

Function

The display mac-authen command displays information about MAC address authentication.

Format

display mac-authen [ interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10> | configuration ]

Parameters

Parameter	Description	Value
interface { interface-type interface-number1 [ to interface-number2 ] }	Displays information about MAC address authentication on a specified interface. interface-type specifies the interface type. interface-number specifies the interface number. MAC address authentication information on all device interfaces is displayed if this parameter is not specified.	-
configuration	Displays the global information about MAC address authentication.	-

Parameter

Description

Value

interface { interface-type interface-number1 [ to interface-number2 ] }

Displays information about MAC address authentication on a specified interface.

interface-type specifies the interface type.
interface-number specifies the interface number.

MAC address authentication information on all device interfaces is displayed if this parameter is not specified.

configuration

Displays the global information about MAC address authentication.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

You can run the display mac-authen command to view configuration results of all configuration commands in MAC address authentication. The command output helps you to check whether the MAC address authentication configuration is correct and isolate faults accordingly.

Follow-up Procedure

You can locate the fault according to the packet statistics that is displayed using the display mac-authen command. When the fault is rectified, run the reset mac-authen statistics command to clear the packet statistics. After a period of time, run the display mac-authen command again to check the packet statistics. If no error packet is found, the fault is rectified.

Example

# View all information about MAC address authentication.

<HUAWEI> display mac-authen
  MAC address authentication is Enabled.
  Username format: use MAC address without-hyphen as username
  Quiet period is 60s                                                     
  Authentication fail times before quiet is 1
  Offline detect period is 300s                                           
  Reauthenticate period is 1000s
  Guest user reauthenticate period is 60s                          
  Maximum users: 100
  Current users: 1                                                
  Global domain is not configured                                        
  Trigger condition: dhcp arp dhcpv6 nd     
                                                                                
 GigabitEthernet0/0/1 state : UP. MAC address authentication is enabled                                        
  Reauthentication is enabled                                                   
  Reauthen Period: 1000s                                                        
  Maximum users: 100                                                           
  Current users: 1                                                              
  Authentication Success: 0, Failure: 0                                         
                                                                                
 Online user(s) info:                                                           
 UserId   MAC/VLAN            AccessTime              UserName                  
 ------------------------------------------------------------------------------ 
 16016    5489-9801-583d/2003 2014/01/26 09:22:49     wlan                      
 ------------------------------------------------------------------------------ 
 Total 1,1 printed

**Table 1** Description of the **display mac-authen** command output
Item	Description
Mac address authentication is Enabled	MAC address authentication is enabled. To enable MAC address authentication, run the mac-authen command.
Username format	User name format for MAC address authentication. use MAC address without-hyphen as username: A user name is a MAC address that does not contain hyphens (-), for example, 0005e01c02e3. use MAC address with-hyphen as username: A user name is a MAC address that contains hyphens (-) and the hyphens are inserted between every four digits, for example, 0005-e01c-02e3. use MAC address with-hyphen normal as username: A user name is a MAC address that contains hyphens (-) and the hyphens are inserted between every two digits, for example, 00-05-e0-1c-02-e3. use MAC address without-hyphen upper as username: A user name is a MAC address in the uppercase format that does not contain hyphens (-), for example, 0005E01C02E3. use MAC address with-hyphen upper as username: A user name is a MAC address in the uppercase format that contains hyphens (-) and the hyphens are inserted between every four digits, for example, 0005-E01C-02E3. use MAC address with-hyphen normal upper as username: A user name is a MAC address in the uppercase format that contains hyphens (-) and the hyphens are inserted between every two digits, for example, 00-05-E0-1C-02-E3. use MAC address with-hyphen colon as username: A user name is a MAC address that contains colons (:) and the colons are inserted between every four digits, for example, 0005:e01c:02e3. use MAC address with-hyphen normal colon as username: A user name is a MAC address that contains colons (:) and the colons are inserted between every two digits, for example, 00:05:e0:1c:02:e3. use MAC address with-hyphen colon upper as username: A user name is a MAC address in the uppercase format that contains colons (:) and the colons are inserted between every four digits, for example, 0005:E01C:02E3. use MAC address with-hyphen normal colon upper as username: A user name is a MAC address in the uppercase format that contains colons (:) and the colons are inserted between every two digits, for example, 00:05:E0:1C:02:E3. fixed username: The user name is fixed. use option82 as username: The content of the Option 82 field is used as the user name. not configured: The user name format is not configured. To configure a user name, run the mac-authen username command.
Quiet period	Quiet timer value, during which the user waits for re-authentication after the maximum number of authentication failures is exceeded. The default value of the quiet timer is 60 seconds. To set the quiet period, run the mac-authen timer command.
Authentication fail times before quiet	Maximum number of authentication failures before a MAC address authentication user enters the quiet state.
Offline detect period	Interval for detecting online users. The timer is used to periodically check whether a user is offline. The default interval is 300 seconds. To set the interval for detecting online users, run the mac-authen timer command.
Reauthenticate period is 1000s	Interval at which users are re-authenticated. The default interval is 1800 seconds. To set the re-authentication period, run the mac-authen timer command.
Guest user reauthenticate period is 60s	Interval at which users in a guest VLAN are re-authenticated. The default interval is 60 seconds. To set the guest VLAN user re-authentication period, run the mac-authen timer command.
Maximum users	Maximum number of online users allowed by the device, the value varies according to devices. To set the maximum number of MAC address authentication users on an interface, run the mac-authen max-user command.
Current users	Number of current online users.
Global domain	Current authentication domain. By default, no authentication domain is specified for users. If you do not specify any domain for users, the default domain in the system is used. To configure an authentication domain, run the mac-authen domain command.
Trigger condition	Packet type that can trigger MAC address authentication. To configure the packet type, run the mac-authen trigger command.
GigabitEthernet0/0/1 current state	Interface state. UP: The interface is started. DOWN: The interface is shut down.
MAC address authentication is Enabled	MAC address authentication is enabled on the interface. To enable MAC address authentication, run the mac-authen command.
Reauthentication is enabled	MAC address reauthentication is enabled. To enable the MAC address reauthentication, run the mac-authen reauthenticate command.
Reauthen Period	Interval at which users are re-authenticated. The default interval is 1800 seconds. To set the re-authentication period, run the mac-authen timer reauthenticate-period command.
Maximum users	Maximum number of MAC address authentication users on the interface. To set the maximum number of MAC address authentication users on an interface, run the mac-authen max-user command.
Current users	Number of current online users on the interface.
Authentication Success: 0, Failure: 0	Numbers of successful and failed authentications on the interface.
UserId	ID of an online user.
MAC/VLAN	MAC address and VLAN of a user. NOTE: If the AAA server delivers an authorized VLAN, information about the authorized VLAN is displayed.
AccessTime	Access time of a user.
UserName	Name of a user.