show netlogin

show netlogin {port port_list [ {vlan} vlan_name | vlan vlan_list]} {dot1x {detail}} {mac} {web-based}

Description

Shows status information for network login.

Syntax Description

port_list Specifies one or more ports or slots and ports.
vlan_name Specifies the name of a VLAN (Virtual LAN).
vlan_list Specifies a VLAN list of IDs.
dot1x Specifies 802.1X information.
detail Shows detailed information.
mac Specifies MAC-based information.
web-based Specifies web-based information.

Default

N/A.

Usage Guidelines

Depending on your configuration, software version, and the parameters you choose to display, the information reported by this command may include some or all of the following:
  • Whether network login is enabled or disabled.
  • The base-URL.
  • The default redirect page.
  • The logout privileges setting.
  • The network login session-refresh setting and time.
  • The MAC and IP address of supplicants.
  • The type of authentication, 802.1X, MAC-based, or HTTP (web-based).
  • The guest VLAN configurations, if applicable.
  • The dynamic VLAN state and uplink ports, if configured.
  • Whether network login port restart is enabled or disabled.
  • Which order of authentication protocols is currently being used.

If you do not specify the authentication method, the switch displays information for all network login authentication methods.

Example

The following sample output shows the summary network login information:

# show netlogin

NetLogin Authentication Mode : web-based ENABLED;  802.1X ENABLED;  mac-based ENABLED
NetLogin VLAN                : "nvlan"
NetLogin move-fail-action    : Authenticate
NetLogin Client Aging Time   : 5 minutes
Dynamic VLAN Creation        : Enabled
Dynamic VLAN Uplink Ports    : 12
------------------------------------------------
Web-based Mode Global Configuration
------------------------------------------------
Base-URL                 : network-access.com
Default-Redirect-Page    : http://www.yahoo.com
Logout-privilege         : YES
Netlogin Session-Refresh : ENABLED; 3 minutes
Authentication Database  : Radius, Local-User database
------------------------------------------------
------------------------------------------------
802.1X Mode Global Configuration
------------------------------------------------
Quiet Period                    : 60
Supplicant Response Timeout     : 30
Re-authentication period        : 200
RADIUS server timeout           : 30
EAPOL MPDU version to transmit  : v1
Authentication Database         : Radius
------------------------------------------------
------------------------------------------------
MAC Mode Global Configuration
------------------------------------------------
Re-authentication period        : 0 (Re-authentication disabled) 
Authentication Database         : Radius, Local-User database 
Authentication Delay Period     : 0 (Default) 

MAC Address/Mask      Password (encrypted)            Port(s)
--------------------  ------------------------------  ------------------------
00:00:86:3F:1C:35/48  yaqu                            any
00:01:20:00:00:00/24  yaqu                            any
00:04:0D:28:45:CA/48  =4253C5;50O@                    any
00:10:14:00:00:00/24  yaqu                            any
00:10:A4:A9:11:3B/48  yaqu                            any
00:10:A4:00:00:00/24  yaqu                            any
Default               yaqu                            any
Authentication Database         : Radius, Local-User database
------------------------------------------------
Port: 5,  Vlan: nvlan,  State: Enabled,  Authentication: mac-based,  Guest Vlan <Not Configured>: Disabled
MAC                IP address       Authenticated  Type    ReAuth-Timer   User
-----------------------------------------------
Port: 9,  Vlan: nvlan,  State: Enabled,  Authentication: web-based,  Guest Vlan <Not Configured>: Disabled
MAC                IP address       Authenticated  Type    ReAuth-Timer   User
-----------------------------------------------
Port: 10,  Vlan: nvlan,  State: Enabled,  Authentication: 802.1X, mac-based,  Guest Vlan <Not Configured>: Disabled
MAC                IP address       Authenticated  Type    ReAuth-Timer   User
-----------------------------------------------
Port: 17,  Vlan: engr,  State: Enabled,  Authentication: mac-based,  Guest Vlan <Not Configured>: Disabled
MAC                IP address       Authenticated  Type    ReAuth-Timer   User
-----------------------------------------------
Port: 17,  Vlan: mktg,  State: Enabled,  Authentication: mac-based,  Guest Vlan <Not Configured>: Disabled
MAC                IP address       Authenticated  Type    ReAuth-Timer   User
-----------------------------------------------
Port: 19,  Vlan: corp,  State: Enabled,  Authentication: 802.1X,  Guest Vlan <Not Configured>: Disabled
MAC                IP address       Authenticated  Type    ReAuth-Timer   User
00:04:0d:50:e1:3a  0.0.0.0          No                     0              00040D50E13A
00:10:dc:98:54:00  10.201.31.113    Yes, Radius    802.1X  24             md5isp7
-----------------------------------------------
Port: 19,  Vlan: nvlan,  State: Enabled,  Authentication: 802.1X,  Guest Vlan <Not Configured>: Disabled
MAC                IP address       Authenticated  Type    ReAuth-Timer   User
00:04:0d:50:e1:3a  0.0.0.0          No             802.1X  0
-----------------------------------------------
Port: 19,  Vlan: voice-ip,  State: Enabled,  Authentication: 802.1X,  Guest Vlan <Not Configured>: Disabled
MAC                IP address       Authenticated  Type    ReAuth-Timer   User
00:04:0d:50:e1:3a  0.0.0.0          Yes, Radius    802.1X  75             00040D50E13A
-----------------------------------------------

The following command shows more detailed information, including the configured authentication methods:

# show netlogin port 3:2 vlan "Default"
Port: 2:1       Vlan: Default
Authentication: Web-Based, 802.1X
Port State:     Unauthenticated
Guest VLAN:     Not Enabled
DHCP:           Not Enabled
MAC                IP address      Auth   Type      ReAuth-Timer User
00:0C:F1:E8:4E:13  0.0.0.0         No     802.1X    0            Unknown
00:01:30:F3:EA:A0  10.0.0.1        Yes    802.1X    0            testUser

The following command shows information about a specific port configured for network login:

# show netlogin port 1:1
Port          : 1:1
Port Restart  : Enabled
Vlan          : Default
Authentication: mac-based
Port State    : Enabled
Guest Vlan    : Disabled
MAC                IP address       Auth  Type    ReAuth-Timer   User
-----------------------------------------------

The following command shows the details of the 802.1X mode:

# show netlogin dot1x detail

NetLogin Authentication Mode : web-based DISABLED;  802.1X ENABLED;  mac-based DISABLED
NetLogin VLAN                : "nl"
NetLogin move-fail-action    : Deny
------------------------------------------------
802.1X Mode Global Configuration
------------------------------------------------
Quiet Period                    : 30
Supplicant Response Timeout     : 30
Re-authentication period        : 3600
RADIUS server timeout           : 30
EAPOL MPDU version to transmit  : v1
Guest VLAN                      : destVlan
------------------------------------------------
Port: 1:1,  Vlan: Default,  State: Enabled,  Authentication: 802.1X, Guest Vlan: destVlan
MAC
00:00:86:53:c3:14   : IP=0.0.0.0         Auth=Yes User= testUser
: AuthPAE state=AUTHENTICATED BackAuth state=IDLE
: ReAuth time left=3595       ReAuth count=1
: Quiet time left=37
00:02:03:04:04:05   : IP=0.0.0.0         Auth=No  User=
: AuthPAE state=CONNECTING    BackAuth state=IDLE
: ReAuth time left=0          ReAuth count=2
: Quiet time left=37
-----------------------------------------------

For 802.1X, if re-authentication is disabled, the re-authentication period appears as follows:

Re-authentication period        : 0 (Re-authentication disabled)

The show netlogin port 5:4 dot1x command generates the following sample output:

Port						: 5:4
Port Restart						: Disabled
Vlan						: corp
Authentication						: 802.1X
Port State     						: Enabled
Guest Vlan						: Enabled
MACIP addressAuthenticatedTypeReAuth-TimerUser
00:10:dc:92:53:2d10.201.31.119Yes,Radius802.1X14md5isp4
-----------------------------------------------

The show netlogin port 5:4 dot1x detail command generates the following sample output:

Port: 5:4
Port Restart: Disabled
Vlan: corp
Authentication: 802.1X
Port State: Enabled
Guest Vlan: Enabled
MAC
00:10:dc:92:53:2d   : IP=10.201.31.119   Auth=Yes  User=md5isp4
: AuthPAE state=AUTHENTICATED BackAuth state=IDLE
: ReAuth time left=8       ReAuth count=0
: Quiet time left=0
-----------------------------------------------

History

This command was first available in ExtremeXOS 11.1.

Information about the guest VLAN was added in ExtremeXOS 11.2.

Information about the configured port MAC list was added in ExtremeXOS 11.3.

Information about dynamic VLANs and network login port restart was added in ExtremeXOS 11.6.

The vlan_list variable was added in ExtremeXOS 16.1.

Information about authentication delay added in ExtremeXOS 21.1.

Authentication username format information was added in ExtremeXOS 22.3.

Platform Availability

This command is available on the Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X440-G2, X620, X690, X870 series switches.