Shows status information for network login.
port_list | Specifies one or more ports or slots and ports. |
vlan_name | Specifies the name of a VLAN. |
vlan_list | Specifies a VLAN list of IDs. |
dot1x | Specifies 802.1X information. |
detail | Shows detailed information. |
mac | Specifies MAC-based information. |
web-based | Specifies web-based information. |
N/A.
If you do not specify the authentication method, the switch displays information for all network login authentication methods.
The following sample output shows the summary network login information:
# show netlogin NetLogin Authentication Mode : web-based ENABLED; 802.1X ENABLED; mac-based ENABLED NetLogin VLAN : "nvlan" NetLogin move-fail-action : Authenticate NetLogin Client Aging Time : 5 minutes Dynamic VLAN Creation : Enabled Dynamic VLAN Uplink Ports : 12 ------------------------------------------------ Web-based Mode Global Configuration ------------------------------------------------ Base-URL : network-access.com Default-Redirect-Page : http://www.yahoo.com Logout-privilege : YES Netlogin Session-Refresh : ENABLED; 3 minutes Authentication Database : Radius, Local-User database ------------------------------------------------ ------------------------------------------------ 802.1X Mode Global Configuration ------------------------------------------------ Quiet Period : 60 Supplicant Response Timeout : 30 Re-authentication period : 200 RADIUS server timeout : 30 EAPOL MPDU version to transmit : v1 Authentication Database : Radius ------------------------------------------------ ------------------------------------------------ MAC Mode Global Configuration ------------------------------------------------ Re-authentication period : 0 (Re-authentication disabled) Authentication Database : Radius, Local-User database Authentication Delay Period : 0 (Default) MAC Address/Mask Password (encrypted) Port(s) -------------------- ------------------------------ ------------------------ 00:00:86:3F:1C:35/48 yaqu any 00:01:20:00:00:00/24 yaqu any 00:04:0D:28:45:CA/48 =4253C5;50O@ any 00:10:14:00:00:00/24 yaqu any 00:10:A4:A9:11:3B/48 yaqu any 00:10:A4:00:00:00/24 yaqu any Default yaqu any Authentication Database : Radius, Local-User database ------------------------------------------------ Port: 5, Vlan: nvlan, State: Enabled, Authentication: mac-based, Guest Vlan <Not Configured>: Disabled MAC IP address Authenticated Type ReAuth-Timer User ----------------------------------------------- Port: 9, Vlan: nvlan, State: Enabled, Authentication: web-based, Guest Vlan <Not Configured>: Disabled MAC IP address Authenticated Type ReAuth-Timer User ----------------------------------------------- Port: 10, Vlan: nvlan, State: Enabled, Authentication: 802.1X, mac-based, Guest Vlan <Not Configured>: Disabled MAC IP address Authenticated Type ReAuth-Timer User ----------------------------------------------- Port: 17, Vlan: engr, State: Enabled, Authentication: mac-based, Guest Vlan <Not Configured>: Disabled MAC IP address Authenticated Type ReAuth-Timer User ----------------------------------------------- Port: 17, Vlan: mktg, State: Enabled, Authentication: mac-based, Guest Vlan <Not Configured>: Disabled MAC IP address Authenticated Type ReAuth-Timer User ----------------------------------------------- Port: 19, Vlan: corp, State: Enabled, Authentication: 802.1X, Guest Vlan <Not Configured>: Disabled MAC IP address Authenticated Type ReAuth-Timer User 00:04:0d:50:e1:3a 0.0.0.0 No 0 00040D50E13A 00:10:dc:98:54:00 10.201.31.113 Yes, Radius 802.1X 24 md5isp7 ----------------------------------------------- Port: 19, Vlan: nvlan, State: Enabled, Authentication: 802.1X, Guest Vlan <Not Configured>: Disabled MAC IP address Authenticated Type ReAuth-Timer User 00:04:0d:50:e1:3a 0.0.0.0 No 802.1X 0 ----------------------------------------------- Port: 19, Vlan: voice-ip, State: Enabled, Authentication: 802.1X, Guest Vlan <Not Configured>: Disabled MAC IP address Authenticated Type ReAuth-Timer User 00:04:0d:50:e1:3a 0.0.0.0 Yes, Radius 802.1X 75 00040D50E13A -----------------------------------------------
The following command shows more detailed information, including the configured authentication methods:
# show netlogin port 3:2 vlan "Default" Port: 2:1 Vlan: Default Authentication: Web-Based, 802.1X Port State: Unauthenticated Guest VLAN: Not Enabled DHCP: Not Enabled MAC IP address Auth Type ReAuth-Timer User 00:0C:F1:E8:4E:13 0.0.0.0 No 802.1X 0 Unknown 00:01:30:F3:EA:A0 10.0.0.1 Yes 802.1X 0 testUser
The following command shows information about a specific port configured for network login:
# show netlogin port 1:1 Port : 1:1 Port Restart : Enabled Vlan : Default Authentication: mac-based Port State : Enabled Guest Vlan : Disabled MAC IP address Auth Type ReAuth-Timer User -----------------------------------------------
The following command shows the details of the 802.1X mode:
# show netlogin dot1x detail NetLogin Authentication Mode : web-based DISABLED; 802.1X ENABLED; mac-based DISABLED NetLogin VLAN : "nl" NetLogin move-fail-action : Deny ------------------------------------------------ 802.1X Mode Global Configuration ------------------------------------------------ Quiet Period : 30 Supplicant Response Timeout : 30 Re-authentication period : 3600 RADIUS server timeout : 30 EAPOL MPDU version to transmit : v1 Guest VLAN : destVlan ------------------------------------------------ Port: 1:1, Vlan: Default, State: Enabled, Authentication: 802.1X, Guest Vlan: destVlan MAC 00:00:86:53:c3:14 : IP=0.0.0.0 Auth=Yes User= testUser : AuthPAE state=AUTHENTICATED BackAuth state=IDLE : ReAuth time left=3595 ReAuth count=1 : Quiet time left=37 00:02:03:04:04:05 : IP=0.0.0.0 Auth=No User= : AuthPAE state=CONNECTING BackAuth state=IDLE : ReAuth time left=0 ReAuth count=2 : Quiet time left=37 -----------------------------------------------
For 802.1X, if re-authentication is disabled, the re-authentication period appears as follows:
Re-authentication period : 0 (Re-authentication disabled)
The show netlogin port 5:4 dot1x command generates the following sample output:
Port : 5:4 Port Restart : Disabled Vlan : corp Authentication : 802.1X Port State : Enabled Guest Vlan : Enabled MACIP addressAuthenticatedTypeReAuth-TimerUser 00:10:dc:92:53:2d10.201.31.119Yes,Radius802.1X14md5isp4 -----------------------------------------------
The show netlogin port 5:4 dot1x detail command generates the following sample output:
Port: 5:4 Port Restart: Disabled Vlan: corp Authentication: 802.1X Port State: Enabled Guest Vlan: Enabled MAC 00:10:dc:92:53:2d : IP=10.201.31.119 Auth=Yes User=md5isp4 : AuthPAE state=AUTHENTICATED BackAuth state=IDLE : ReAuth time left=8 ReAuth count=0 : Quiet time left=0 -----------------------------------------------
This command was first available in ExtremeXOS 11.1.
Information about the guest VLAN was added in ExtremeXOS 11.2.
Information about the configured port MAC list was added in ExtremeXOS 11.3.
Information about dynamic VLANs and network login port restart was added in ExtremeXOS 11.6.
The vlan_list variable was added in ExtremeXOS 16.1.
Information about authentication delay was added in ExtremeXOS 16.2.
This command is available on all platforms.