Run the display dot1x command to display information about 802.1X.

Latest reply: Dec 27, 2018 07:55:48 1088 2 10 0
In this command echo, some information can help us understand the current network configuration and the 802.1X protocol.



<HUAWEI> display dot1x
  Global 802.1x is Enabled                                                     
  Authentication method is CHAP                                                
  Max users: 1024                                                              
  Current users: 1                                                             
  DHCP-trigger is Disabled                                                     
  Handshake is Enabled                                                   
  Quiet function is Enabled                                                    
  Mc-trigger port-up-send is Disabled                                          
  Parameter set:Dot1x Handshake Period        16s   Reauthen Period     60s    
                Arp Handshake Period           0s   Client Timeout      10s    
                Quiet Period                 600s   Quiet-times          2     
                Eth-Trunk Handshake Period   120s   Tx Period           30     
               
  dot1x URL: www.123.com.cn
  Dropped   EAPOL Access Flow Control            : 0                           
            EAPOL Check Sysmac Error             : 0                           
            EAPOL Get Vlan ID Error              : 0                           
            EAPOL Packet Flow Control            : 0                           
            EAPOL Online User Reach Max          : 0                           
            EAPOL Static or BlackHole Mac        : 0                           
            EAPOL Get Vlan Mac Error             : 0                           
            EAPOL Temp User Exist                : 0                           
  Free-ip configuration(IP/mask):                                              
   192.168.1.0     /255.255.255.0   


 GigabitEthernet0/0/3 status: UP  802.1x protocol is Enabled                   
  Port control type is Auto                                                    
  Authentication mode is MAC-based                                             
  Authentication method is CHAP                                                
  Reauthentication is disabled                                                 
  Dot1x retry times: 2                                                         
  Authenticating users: 1                                                      
  Maximum users: 1024                                                          
  Current users: 1                                                             
                                                                               
  Authentication Success: 1          Failure: 0                                
  EAPOL Packets: TX     : 19         RX     : 0                                
  Sent      EAPOL Request/Identity Packets       : 1                           
            EAPOL Request/Challenge Packets      : 0                           
            Multicast Trigger Packets            : 18                          
            EAPOL Success Packets                : 0                           
            EAPOL Failure Packets                : 0                           
  Received  EAPOL Start Packets                  : 0                           
            EAPOL Logoff Packets                 : 0                           
            EAPOL Response/Identity Packets      : 0                           
            EAPOL Response/Challenge Packets     : 0         
                                                                               
 Online user(s) info:                                                          
 UserId   MAC/VLAN            AccessTime              UserName                 
 ------------------------------------------------------------------------------
 17487    000c-2952-fd80/34   2018/07/30 09:49:15     lss                      
 ------------------------------------------------------------------------------
 Total: 1, printed: 1

#

#

#

I learned after reading:

MAC basic authentication on GigabitEthernet 0/0/3 is enabled;
The 802.1X re-authentication function on the GigabitEthernet 0/0/3 interface is disabled;
On GigabitEthernet 0/0/3, there is a user with successful authentication.

  • x
  • convention:

user_2915719
Created Dec 27, 2018 07:30:57 Helpful(0) Helpful(0)

There is a section called DHCP trigger which is very interesting.
  • x
  • convention:

yiyi0519
Created Dec 27, 2018 07:55:48 Helpful(0) Helpful(0)

The 802.1x protocol based on Ethernet port authentication has the following characteristics: IEEE802.1x protocol is a Layer 2 protocol. It does not need to reach Layer 3, and the overall performance requirements of the device are not high, which can effectively reduce the cost of network construction. It is borrowed in the RAS system. The commonly used EAP (Extended Authentication Protocol) can provide good scalability and adaptability, and is compatible with the traditional PPP authentication architecture. The 802.1x authentication architecture uses the logic of "controllable port" and "uncontrollable port". The function can be used to separate the service from the authentication. The RADIUS and the switch use the uncontrollable logical port to complete the authentication and control of the user. The service packets are directly carried on the normal Layer 2 packet and exchanged through the controllable port. The authenticated data packet is a pure data packet that does not need to be encapsulated; the existing background authentication system can be used to reduce the cost of deployment and has rich service support; different user authentication levels can be mapped to different VLANs; And wireless LAN with secure authentication access.
  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login