display dot1x

Syntax

display dot1x [ sessions | statistics ] [ interface interface-list ] [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

sessions: Displays 802.1X session information.

statistics: Displays 802.1X statistics.

interface interface-list: Specifies an Ethernet port list, which can contain multiple Ethernet ports. The interface-list argument is in the format of interface-list = { interface-type interface-number [ to interface-type interface-number ] } & <1-10>, where interface-type represents the port type, interface-number represents the port number, and & <1-10> means that you can provide up to 10 ports or port ranges. The start port number must be smaller than the end number and the two interfaces must be the same type.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description

Use display dot1x to display information about 802.1X.

If you specify neither the sessions keyword nor the statistics keyword, the command displays all information about 802.1X, including session information, statistics, and configurations.

Related commands: reset dot1x statistics, dot1x, dot1x retry, dot1x max-user, dot1x port-control, dot1x port-method, and dot1x timer.

Examples

# Display all information about 802.1X.

<Sysname> display dot1x
Equipment 802.1X protocol is enabled
CHAP authentication is enabled
EAD quick deploy is enabled

Configuration: Transmit Period     30 s,  Handshake Period       15 s
               Quiet Period        60 s,  Quiet Period Timer is disabled
               Supp Timeout        30 s,  Server Timeout         100 s
               Reauth Period     3600 s
               The maximal retransmitting times          3
EAD quick deploy configuration:
               URL: http://192.168.19.23
               Free IP: 192.168.19.0 255.255.255.0
               EAD timeout:    30m

The maximum 802.1X user resource number is 1024 per slot
Total current used 802.1X resource number is 1

Ethernet1/0/1  is link-up
  802.1X protocol is enabled
  Handshake is disabled
  Handshake secure is disabled
  802.1X unicast-trigger is enabled
  802.1X user-ip freeze is disabled
  Periodic reauthentication is disabled
  The port is an authenticator
  Authenticate Mode is Auto
  Port Control Type is Mac-based
  802.1X Multicast-trigger is enabled
  Mandatory authentication domain: NOT configured
  Guest VLAN: 4
  Auth-fail VLAN: NOT configured
  Critical VLAN: 3
  Critical recovery-action: reinitialize
  Voice VLAN: NOT configured
  Max number of on-line users is 256

  EAPOL Packet: Tx 1087, Rx 986
  Sent EAP Request/Identity Packets : 943
       EAP Request/Challenge Packets: 60
       EAP Success Packets: 29, Fail Packets: 55
  Received EAPOL Start Packets : 60
           EAPOL LogOff Packets: 24
           EAP Response/Identity Packets : 724
           EAP Response/Challenge Packets: 54
           Error Packets: 0
1. Authenticated user : MAC address: 0015-e9a6-7cfe

  Controlled User(s) amount to 1

Table 10: Command output

| Field | Description |
|---|---|
| Equipment 802.1X protocol is enabled | Specifies whether 802.1X is enabled globally |
| CHAP authentication is enabled | Specifies whether CHAP authentication is enabled |
| EAD quick deploy is enabled | Specifies whether EAD fast deployment is enabled |
| Transmit Period | Username request timeout timer in seconds |
| Handshake Period | Handshake timer in seconds |
| Reauth Period | Periodic online user re-authentication timer in seconds |
| Quiet Period | Quiet timer in seconds |
| Quiet Period Timer is disabled | Status of the quiet timer. In this example, the quiet timer is disabled. |
| Supp Timeout | Client timeout timer in seconds |
| Server Timeout | Server timeout timer in seconds |
| The maximal retransmitting times | Maximum number of attempts for sending an authentication request to a client |
| EAD quick deploy configuration | EAD fast deployment configuration |
| URL | Redirect URL for unauthenticated users using a web browser to access the network |
| Free IP | Freely accessible network segment |
| EAD timeout | EAD rule timer in minutes |
| The maximum 802.1X user resource number per slot | Maximum number of concurrent 802.1X users per card |
| Total current used 802.1X resource number | Total number of online 802.1X users |
| Ethernet1/0/1 is link-up | Status of the port. In this example, Ethernet 1/0/1 is up. |
| 802.1X protocol is disabled | Specifies whether 802.1X is enabled on the port |
| Handshake is disabled | Specifies whether handshake is enabled on the port |
| Handshake secure is disabled | Specifies whether handshake security is enabled on the port |
| 802.1X unicast-trigger is disabled | Specifies whether unicast trigger is enabled on the port |
| 802.1X user-ip freeze is disabled | Specifies whether the user IP freeze function is enabled on the port. The user IP freeze function is not supported in the current software version. |
| Periodic reauthentication is disabled | Specifies whether periodic online user re-authentication is enabled on the port |
| The port is an authenticator | Role of the port |
| Authenticate Mode is Auto | Authorization state of the port |
| Port Control Type is Mac-based | Access control method of the port |
| 802.1X Multicast-trigger is enabled | Specifies whether the 802.1X multicast-trigger function is enabled |
| Mandatory authentication domain | Mandatory authentication domain on the port |
| Guest VLAN | 802.1X guest VLAN configured on the port. NOT configured is displayed if no guest VLAN is configured. |
| Auth-fail VLAN | Auth-Fail VLAN configured on the port. NOT configured is displayed if no Auth-Fail VLAN is configured. |
| Critical VLAN | 802.1X critical VLAN configured on the port. NOT configured is displayed if no 802.1X critical VLAN is configured on the port. |
| Critical recovery-action | Action that the port takes when an active (reachable) authentication server is detected for the 802.1X users in the critical VLAN. reinitialize: the port triggers authentication. NOT configured: the port does not trigger authentication. |
| Voice VLAN | Voice VLAN configured on the port. NOT configured is displayed if no voice VLAN is configured. |
| Max number of on-line users | Maximum number of concurrent 802.1X users on the port |
| EAPOL Packet | Number of sent (Tx) and received (Rx) EAPOL packets |
| Sent EAP Request/Identity Packets | Number of sent EAP-Request/Identity packets |
| EAP Request/Challenge Packets | Number of sent EAP-Request/Challenge packets |
| EAP Success Packets | Number of sent EAP Success packets |
| Fail Packets | Number of sent EAP-Failure packets |
| Received EAPOL Start Packets | Number of received EAPOL-Start packets |
| EAPOL LogOff Packets | Number of received EAPOL-LogOff packets |
| EAP Response/Identity Packets | Number of received EAP-Response/Identity packets |
| EAP Response/Challenge Packets | Number of received EAP-Response/Challenge packets |
| Error Packets | Number of received error packets |
| Authenticated user | User that has passed 802.1X authentication |
| Controlled User(s) amount | Number of authenticated users on the port |
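
Added example (not part of the original command reference): Python that parses the display dot1x output format shown above into global and per-port settings and lists the items an access-control review would look at. The function names, the abridged sample text and the choice of checks are assumptions made for this example.

```python
import re

# Constructed input: abridged copy of the sample output shown on this page.
SAMPLE = """\
Equipment 802.1X protocol is enabled
               Quiet Period        60 s,  Quiet Period Timer is disabled
Ethernet1/0/1  is link-up
  802.1X protocol is enabled
  Periodic reauthentication is disabled
  Guest VLAN: 4
  Critical VLAN: 3
       EAP Success Packets: 29, Fail Packets: 55
"""

PORT = re.compile(r"^(\S+)\s+is link-(\S+)")
STATE = re.compile(r"([^,]+?) is (enabled|disabled)\s*$")
VLAN = re.compile(r"^\s+(Guest|Auth-fail|Critical|Voice) VLAN: (\d+)\s*$")
EAP = re.compile(r"EAP Success Packets: (\d+), Fail Packets: (\d+)")

def parse(text):
    """Split display dot1x output into global and per-port settings."""
    glob, ports, cur = {}, {}, None
    for line in text.splitlines():
        if m := PORT.match(line):        # unindented "<port> is link-up"
            cur = ports.setdefault(m.group(1), {"link": m.group(2), "vlans": {}})
        elif m := STATE.search(line):    # "<feature> is enabled|disabled"
            (glob if cur is None else cur)[m.group(1).strip()] = m.group(2)
        elif cur is not None and (m := VLAN.match(line)):  # skips "NOT configured"
            cur["vlans"][m.group(1)] = int(m.group(2))
        elif cur is not None and (m := EAP.search(line)):
            cur["eap"] = (int(m.group(1)), int(m.group(2)))
    return glob, ports

def audit(text):
    """Return (scope, finding) pairs; the checks are an assumed review policy."""
    glob, ports = parse(text)
    out = [("global", "quiet timer disabled")] if glob.get("Quiet Period Timer") == "disabled" else []
    for name, p in ports.items():
        if p.get("802.1X protocol") != "enabled":
            out.append((name, "802.1X not enabled"))
            continue
        if p.get("Periodic reauthentication") == "disabled":
            out.append((name, "periodic reauthentication disabled"))
        if p["vlans"]:
            out.append((name, "fallback VLANs: " + ", ".join(f"{k}={v}" for k, v in sorted(p["vlans"].items()))))
        ok, fail = p.get("eap", (0, 0))
        if fail > ok:
            out.append((name, f"EAP Failure {fail} > Success {ok}"))
    return out
```

Calling audit() on the full text captured from the switch works the same way; lines the patterns do not recognise are ignored.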