Why are the 802.1x users' IP addresses not displayed after I run the display access-user command

4

The device learns the IP address of an authenticated online user from ARP packets that the user sends. If the user does not send any ARP packets, the device cannot learn or display the user's IP address.

Other related questions:
Why cannot IP addresses of 802.1X users be displayed sometimes after the display access-user command is run
Users can access a router after they are successfully authenticated. The router captures ARP packets sent by the users and learns their IP addresses. If the users do not send ARP packets, the router cannot learn or display any IP address.

Why is IP address of 802.1x users not displayed when the display access-user command is used on the AR router
After users are authenticated and go online, The AR router obtains ARP packets and learns IP addresses of users. If users do not send any ARP packets, the AR router cannot learn or display users' IP addresses.

Users have been connected and assigned IP addresses, but there is no user information in the display access-user command on the AC. Why
Check whether Portal authentication is configured. If Portal authentication is configured, user information is displayed on the AC only after users are authenticated successfully.

How to view detailed information about 802.1x authentication users on S series switches
For S series switches (except the S1700), you can perform the following operations in any view to check detailed information about online 802.1x authentication users. - In NAC common mode (applicable to switches running all versions): [HUAWEI] display access-user //Obtain indexes of 802.1x authentication users based on the users' MAC or IP addresses. [HUAWEI] display access-user user-id 1 //Check information about the users based on their indexes. - In NAC unified mode (applicable to switches running V200R005C00 and later versions): [HUAWEI] display access-user access-type dot1x //Check information about online 802.1x authentication users. [HUAWEI] display access-user user-id 1 //You can also run the display access-user username user-name detail command on switches running V200R007C00 and later versions to check detailed information about 802.1x authentication users.

Why is a user not displayed as online on the RADIUS server after the user succeeds in authentication
The RADIUS server judges whether a user is online by the enabling of the accounting function rather than the success of authentication. If the user succeeds in authentication but does not perform accounting, the RADIUS server considers that the user is offline. Therefore, check whether the accounting function is correctly enabled in the scenario where the accounting function is applied.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top