[x]

MAC authentication configuration commands > display mac-authentication

 

 Next

display mac-authentication

Syntax

display mac-authentication [ interface interface-list ] [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

2: System level

Parameters

interface interface-list: Specifies a port list, in the format of { interface-type interface-number [ to interface-type interface-number ] }&<1-10>, where &<1-10> indicates that you can specify up to 10 port ranges. The start port and end port of a port range must be of the same type and the end port number must be greater than the start port number. A port range defined without the to interface-type interface-number portion comprises only one port.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description

Use display mac-authentication to display MAC authentication settings and statistics, including the global settings, and port-specific settings and MAC authentication and online user statistics.

If you specify a list of ports, the command displays port-specific settings and statistics only for the specified ports.

If you do not specify any port, the command displays port-specific settings and statistics for all ports.

Examples

# Display all MAC authentication settings and statistics.

<Sysname> display mac-authentication
MAC address authentication is enabled.
 User name format is MAC address in lowercase, like xxxxxxxxxxxx
 Fixed username:mac
 Fixed password:not configured
          Offline detect period is 300s
          Quiet period is 60s.
          Server response timeout value is 100s
          Guest vlan reauthentication timeout value is 30s
          the max allowed user number is 1024 per slot
          Current user number amounts to 0
          Current domain: not configured, use default domain

Silent Mac User info:
         MAC Addr         From Port           Port Index
Ethernet1/0/1 is link-up
  MAC address authentication is enabled
  Authenticate success: 0, failed: 0
 Max number of on-line users is 256
  Current online user number is 0
MAC Addr         Authenticate state           AuthIndex

Table 11: Command output

Field

Description

MAC address authentication is enabled

Whether MAC authentication is enabled.

User name format is MAC address in lowercase, like xxxxxxxxxxxx

Type of user account, which can be MAC-based or shared.

  • If MAC-based accounts are used, this field displays "User name format is MAC address…" and the format settings for usernames and passwords. For example, MAC addresses without hyphens in lower case.

  • If a shared account is used, this field displays "User name format is fixed account."

Fixed username:

Username of the shared account for MAC authentication users. If MAC-based accounts are used, this field displays mac.

Fixed password:

Password for MAC authentication.

  • If MAC-based accounts are used or if a shared account is used but no password is configured, this field displays Not configured.

  • If a shared account is used and a password is configured, this field displays a string of asterisks (******).

Offline detect period

Setting of the offline detect timer

Quiet period

Setting of the quiet timer

Server response timeout value

Setting of the server timeout timer

Guest vlan reauthentication timeout value

Setting of the MAC re-authentication timer for users in the MAC authentication guest VLAN.

the max allowed user number

Maximum number of users each slot supports

Current user number amounts to

Number of online users

Current domain: not configured, use default domain

Authentication domain that is currently used

Silent Mac User info

Information about silent MAC addresses. A MAC address is marked silent when it fails a MAC authentication, and at the same time, a quiet timer starts. Before the timer expires, the device drops any packet from the MAC address and does not perform MAC authentication for the MAC address.

Ethernet 1/0/1 is link-up

Status of the link on port Ethernet 1/0/1. In this example, the link is up.

MAC address authentication is enabled

Whether MAC authentication is enabled on port Ethernet1/0/1.

Authenticate success: 0, failed: 0

MAC authentication statistics, including the number of successful and unsuccessful authentication attempts

Max number of on-line users

Maximum number of concurrent online users allowed on the port.

If MAC authentication is not enabled on the port, the field displays 0.

Current online user number

Number of online users on the port.

MAC Addr

MAC address of the online user.

Authenticate state

User status:

  • MAC_AUTHENTICATOR_CONNECT—The user is logging in.

  • MAC_AUTHENTICATOR_SUCCESS—The user has passed the authentication.

  • MAC_AUTHENTICATOR_FAIL—The user failed the authentication.

  • MAC_AUTHENTICATOR_LOGOFF—The user has logged off.

AuthIndex

Authenticator index.

prev

 

up

 next

MAC authentication configuration commands 

home

 mac-authentication

© Copyright 2016 Hewlett Packard Enterprise Development LP