display dot1x
Syntax
display dot1x [ sessions | statistics ] [ interface interface-list ] [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
sessions: Displays 802.1X session information.
statistics: Displays 802.1X statistics.
interface interface-list: Specifies an Ethernet port list, which can contain multiple Ethernet ports. The interface-list argument is in the format of interface-list = { interface-type interface-number [ to interface-type interface-number ] } & <1-10>, where interface-type represents the port type, interface-number represents the port number, and & <1-10> means that you can provide up to 10 ports or port ranges. The start port number must be smaller than the end number and the two interfaces must be the same type.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use display dot1x to display information about 802.1X.
If you specify neither the sessions keyword nor the statistics keyword, the command displays all information about 802.1X, including session information, statistics, and configurations.
Related commands: reset dot1x statistics, dot1x, dot1x retry, dot1x max-user, dot1x port-control, dot1x port-method, and dot1x timer.
Examples
# Display all information about 802.1X.
<Sysname> display dot1x Equipment 802.1X protocol is enabled CHAP authentication is enabled EAD quick deploy is enabled Configuration: Transmit Period 30 s, Handshake Period 15 s Quiet Period 60 s, Quiet Period Timer is disabled Supp Timeout 30 s, Server Timeout 100 s Reauth Period 3600 s The maximal retransmitting times 3 EAD quick deploy configuration: URL: http://192.168.19.23 Free IP: 192.168.19.0 255.255.255.0 EAD timeout: 30m The maximum 802.1X user resource number is 1024 per slot Total current used 802.1X resource number is 1 Ethernet1/0/1 is link-up 802.1X protocol is enabled Handshake is disabled Handshake secure is disabled 802.1X unicast-trigger is enabled 802.1X user-ip freeze is disabled Periodic reauthentication is disabled The port is an authenticator Authenticate Mode is Auto Port Control Type is Mac-based 802.1X Multicast-trigger is enabled Mandatory authentication domain: NOT configured Guest VLAN: 4 Auth-fail VLAN: NOT configured Critical VLAN: 3 Critical recovery-action: reinitialize Voice VLAN: NOT configured Max number of on-line users is 256 EAPOL Packet: Tx 1087, Rx 986 Sent EAP Request/Identity Packets : 943 EAP Request/Challenge Packets: 60 EAP Success Packets: 29, Fail Packets: 55 Received EAPOL Start Packets : 60 EAPOL LogOff Packets: 24 EAP Response/Identity Packets : 724 EAP Response/Challenge Packets: 54 Error Packets: 0 1. Authenticated user : MAC address: 0015-e9a6-7cfe Controlled User(s) amount to 1
Table 10: Command output
Field | Description |
---|---|
Equipment 802.1X protocol is enabled | Specifies whether 802.1X is enabled globally |
CHAP authentication is enabled | Specifies whether CHAP authentication is enabled |
EAD quick deploy is enabled | Specifies whether EAD fast deployment is enabled |
Transmit Period | Username request timeout timer in seconds |
Handshake Period | Handshake timer in seconds |
Reauth Period | Periodic online user re-authentication timer in seconds |
Quiet Period | Quiet timer in seconds |
Quiet Period Timer is disabled | Status of the quiet timer. In this example, the quiet timer is enabled. |
Supp Timeout | Client timeout timer in seconds |
Server Timeout | Server timeout timer in seconds |
The maximal retransmitting times | Maximum number of attempts for sending an authentication request to a client |
EAD quick deploy configuration | EAD fast deployment configuration |
URL | Redirect URL for unauthenticated users using a web browser to access the network |
Free IP | Freely accessible network segment |
EAD timeout | EAD rule timer in minutes |
The maximum 802.1X user resource number per slot | Maximum number of concurrent 802.1X user per card |
Total current used 802.1X resource number | Total number of online 802.1X users |
Ethernet1/0/1 is link-up | Status of the port. In this example, Ethernet 1/0/1 is up. |
802.1X protocol is disabled | Specifies whether 802.1X is enabled on the port |
Handshake is disabled | Specifies whether handshake is enabled on the port |
Handshake secure is disabled | Specifies whether handshake security is enabled on the port |
802.1X unicast-trigger is disabled | Specifies whether unicast trigger is enabled on the port. |
802.1X user-ip freeze is disabled | Specifies whether the user IP freeze function is enabled on the port. The user IP freeze function is not supported in the current software version. |
Periodic reauthentication is disabled | Specifies whether periodic online user re-authentication is enabled on the port |
The port is an authenticator | Role of the port |
Authenticate Mode is Auto | Authorization state of the port |
Port Control Type is Mac-based | Access control method of the port |
802.1X Multicast-trigger is enabled | Specifies whether the 802.1X multicast-trigger function is enabled |
Mandatory authentication domain | Mandatory authentication domain on the port |
Guest VLAN | 802.1X guest VLAN configured on the port. NOT configured is displayed if no guest VLAN is configured. |
Auth-fail VLAN | Auth-Fail VLAN configured on the port. NOT configured is displayed if no Auth-Fail VLAN is configured. |
Critical VLAN | 802.1X critical VLAN configured on the port. NOT configured is displayed if no 802.1X critical VLAN is configured on the port. |
Critical recovery-action | Action that the port takes when an active (reachable) authentication server is detected available for the 802.1X users in the critical VLAN:
|
Voice VLAN | Voice VLAN configured on the port. NOT configured is displayed if no voice VLAN is configured. |
Max number of on-line users | Maximum number of concurrent 802.1X users on the port |
EAPOL Packet | Number of sent (Tx) and received (Rx) EAPOL packets |
Sent EAP Request/Identity Packets | Number of sent EAP-Request/Identity packets |
EAP Request/Challenge Packets | Number of sent EAP-Request/Challenge packets |
EAP Success Packets | Number of sent EAP Success packets |
Fail Packets | Number of sent EAP-Failure packets |
Received EAPOL Start Packets | Number of received EAPOL-Start packets |
EAPOL LogOff Packets | Number of received EAPOL-LogOff packets |
EAP Response/Identity Packets | Number of received EAP-Response/Identity packets |
EAP Response/Challenge Packets | Number of received EAP-Response/Challenge packets |
Error Packets | Number of received error packets |
Authenticated user | User that has passed 802.1X authentication |
Controlled User(s) amount | Number of authenticated users on the port |