How to view detailed information about 802.1x authentication users on S series switches

6

For S series switches (except the S1700), you can perform the following operations in any view to check detailed information about online 802.1x authentication users.
- In NAC common mode (applicable to switches running all versions):
[HUAWEI] display access-user //Obtain indexes of 802.1x authentication users based on the users' MAC or IP addresses.
[HUAWEI] display access-user user-id 1 //Check information about the users based on their indexes.
- In NAC unified mode (applicable to switches running V200R005C00 and later versions):
[HUAWEI] display access-user access-type dot1x //Check information about online 802.1x authentication users.
[HUAWEI] display access-user user-id 1 //You can also run the display access-user username user-name detail command on switches running V200R007C00 and later versions to check detailed information about 802.1x authentication users.

Other related questions:
How to view information about power supplies on S series switches
For S series switches (except S1700), run the display power command to view the power supply status. [HUAWEI] display power PowerID Online Mode State Current(A) Voltage(V) RealPwr(W) PWR1 Present AC NotSupply - - - PWR2 Present AC Supply 0.82 53.40 43.79 PWR3 Present AC Supply 0.97 53.51 51.90 PWR4 Present AC Supply 0.95 53.51 50.83 The State field indicates the power supply status. If the State displays NotSupply, the power module does not supply power. Check whether the power supply is installed properly or whether the power switch is turned on. Besides, you can run the display power system command on S series modular switches to check the power of each card and available power of the system. Before installing a switch or expanding the system capacity, decide whether the power capacity needs to be expanded according to the power consumption of the switch. [HUAWEI] display power system The total power supplied : 800.00(W) The maximum power needed : 797.00(W) The remain power : 3.00(W) The system rated power detail information : ------------------------------------------------- Slot BoardName State Power(W) ------------------------------------------------- 2 LPU board Lack 61.00 12 LPU board On 64.00 14 MPU board On 105.00 CMU1 CMU board On 1.00 CMU2 CMU board On 1.00 FAN1 FAN board On 43.00 FAN2 FAN board On 43.00 PWR1 PWR board On 800.00 The meanings of some fields are as follows: - The total power supplied: indicates the total power of the system. - The maximum power needed: indicates the maximum power required by the system. - The remaining power: indicates the available power of the system. - Power (W): indicates the power of each card.

Check IP addresses dynamically allocated to clients
On S series switches except S1700 switches, you can view IP addresses that have been dynamically assigned to users as follows: - If an interface address pool is used, run the display ip pool interface interface-pool-name used command. - If a global address pool is used, run the display ip pool name ip-pool-name used command. You can obtain the IP address used by each user according to the mapping between IP addresses and MAC addresses in the command output.

How to configure local authentication for 802.1x authentication users on S series switches
For S series switches (except the S1700), 802.1x authentication user information (including the user name, password, and other attributes of a local user) for local authentication and authorization is configured on the switches. Local authentication and authorization for 802.1x authentication users feature fast processing and low operation cost, but the amount of information that can be stored is limited by the switch hardware capacity.
Assume that a user connects to GE0/0/1 on a switch and belongs to VLAN 100. After local authentication is configured for the user on the switch, the user can access the network without being authorized. Configure local authentication for an 802.1x authentication user as follows:
1. Create VLAN 100 and add GE0/0/1 to the VLAN.
[HUAWEI] vlan batch 100 
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port link-type access
[HUAWEI-GigabitEthernet0/0/1] port default vlan 100 
[HUAWEI-GigabitEthernet0/0/1] quit
2. Create a local user and an authentication domain for the local user.
[HUAWEI] aaa     
[HUAWEI-aaa] local-user huawei password cipher hello@123
[HUAWEI-aaa] local-user huawei service-type 8021x
[HUAWEI-aaa] authentication-scheme test
[HUAWEI-aaa-authen-test] authentication-mode local
[HUAWEI-aaa-authen-test] quit
[HUAWEI-aaa] authorization-scheme test
[HUAWEI-aaa-author-test] authorization-mode none
[HUAWEI-aaa-author-test] quit
[HUAWEI-aaa] domain default_admin
[HUAWEI-aaa-domain-default_admin] authentication-scheme test
[HUAWEI-aaa-domain-default_admin] authorization-scheme test
3. Enable 802.1x authentication in the system view and on a specified interface.
a. In common mode (applicable to switches running all versions):
[HUAWEI] undo authentication unified-mode  //Change the NAC mode to common. This step is required only on switches running V200R005C00 and later versions.br>[HUAWEI] quit
<HUAWEI> reboot   //This step is required only on switches running V200R005C00 and later versions.
[HUAWEI] dot1x enable
[HUAWEI] interface gigabitethernet0/0/1
[HUAWEI-GigabitEthernet0/0/1] dot1x enable
[HUAWEI-GigabitEthernet0/0/1] dot1x authentication-method eap
b. In unified mode (applicable to switches running versions from V200R005 to V200R008):
[HUAWEI] authentication unified-mode 
[HUAWEI] interface gigabitethernet0/0/1
[HUAWEI-GigabitEthernet0/0/1] authentication dot1x
[HUAWEI-GigabitEthernet0/0/1] authentication mode multi-authen max-user 100
c. In unified mode (applicable to switches running V200R009 and later versions):
[HUAWEI] dot1x-access-profile name d1
[HUAWEI-dot1x-access-profile-d1] quit
[HUAWEI] authentication-profile name a1
[HUAWEI-authen-profile-a1] dot1x-access-profile d1
[HUAWEI-authen-profile-a1] quit
[HUAWEI] interface gigabitethernet0/0/1
[HUAWEI-GigabitEthernet0/0/1] authentication-profile a1

How to configure remote authentication for 802.1x authentication users on S series switches
802.1x authentication user information (including the user name, password, and other attributes) for remote authentication and authorization is configured on a remote AAA server. Remote authentication and authorization for 802.1x authentication users feature high network security. For S series and E series switches (except the S1700) running V200R003C10 and earlier versions, NAC can be configured only in common mode. For switches running V200R005C00 and later versions, NAC can be configured in common or unified mode. Accordingly, remote authentication for 802.1x authentication users can be configured in common or unified mode. For switches running V200R009C00, the configuration model of NAC unified mode changes. Query the appropriate product manual based on the switch model and version. The following links are for reference only. - For the configuration example in common mode, see "Typical User Access and Authentication Configuration - Typical NAC Configuration (Common Mode) - Example for Configuring 802.1x Authentication to Control Internal User Access" in S1720&S2700&S3700&S5700&S6700&S7700&S9700 Typical Configuration Examples. - For the configuration example in unified mode on switches running versions from V200R005C00 to V200R008C00, see "Typical User Access and Authentication Configuration - Typical NAC Configuration (Unified Mode) (V200R005C00 to, V200R008C00) - Example for Configuring 802.1x Authentication to Control Internal User Access" in S1720&S2700&S3700&S5700&S6700&S7700&S9700 Typical Configuration Examples. - For the configuration example in unified mode on switches running V200R009C00 and later versions, see "Typical User Access and Authentication Configuration - Typical NAC Configuration (Unified Mode) (V200R009C00 and Later Versions) - Example for Configuring 802.1x Authentication to Control Internal User Access" in S1720&S2700&S3700&S5700&S6700&S7700&S9700 Configuration Guide - User Access and Authentication.

802.1x remote authentication on S series switch
In 802.1x remote authentication and authorization, user information (including the user name, password and attributes) is configured on the remote AAA server. 802.1x remote authentication and authorization feature high network security. S series switches (except S1700 switches) running V200R003C10 or an earlier version supports only traditional NAC configuration. Switches running V200R005C00 or a later version support both traditional and unified NAC configuration. By default, unified NAC configuration is used. 802.1x remote authentication also supports traditional and unified modes. 802.1x remote authentication configuration is the same on all switch models: - For the traditional 802.1x remote authentication configuration, see "Example for Configuring 802.1x Authentication to Control Internal User Access" in "Configuring NAC (Common Mode)" of Typical Configuration Examples. - For the unified 802.1x remote authentication configuration, see "Example for Configuring 802.1x Authentication to Control Internal User Access" in "Configuring NAC (Unified Mode)" of Typical Configuration Examples.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top