show netlogin

show netlogin {port port_list [ {vlan} vlan_name | vlan vlan_list]} {dot1x {detail}} {mac} {web-based}

Description

Shows status information for network login.

Syntax Description

port_list Specifies one or more ports or slots and ports.
vlan_name Specifies the name of a VLAN (Virtual LAN).
vlan_list Specifies a VLAN list of IDs.
dot1x Specifies 802.1X information.
detail Shows detailed information.
mac Specifies MAC-based information.
web-based Specifies web-based information.

Default

N/A.

Usage Guidelines

Depending on your configuration, software version, and the parameters you choose to display, the information reported by this command may include some or all of the following:
  • Whether network login is enabled or disabled.
  • The base-URL.
  • The default redirect page.
  • The logout privileges setting.
  • The network login session-refresh setting and time.
  • The MAC and IP address of supplicants.
  • The type of authentication, 802.1X, MAC-based, or HTTP (web-based).
  • The guest VLAN configurations, if applicable.
  • The dynamic VLAN state and uplink ports, if configured.
  • Whether network login port restart is enabled or disabled.
  • Which order of authentication protocols is currently being used.

If you do not specify the authentication method, the switch displays information for all network login authentication methods.

Note

Note

The "current user" count displays how many resources are left to be able to be configured/authenticated. Admin-profile rules consume a resource similar to authenticated users, even if that particular MAC address is not presently on the system (a static admin-profile port rule also increments this count). As a result, the "current user" count value reflects a combination of users and consumed resources (admin-profile rules).

Example

The following sample output shows the summary network login information:

# show netlogin

NetLogin Authentication Mode : web-based ENABLED;  802.1X ENABLED;  mac-based ENABLED
NetLogin VLAN                : "nvlan"
NetLogin move-fail-action    : Authenticate
NetLogin Client Aging Time   : 5 minutes
Dynamic VLAN Creation        : Enabled
Dynamic VLAN Uplink Ports    : 12
------------------------------------------------
Web-based Mode Global Configuration
------------------------------------------------
Base-URL                 : network-access.com
Default-Redirect-Page    : http://www.yahoo.com
Logout-privilege         : YES
Netlogin Session-Refresh : ENABLED; 3 minutes
Authentication Database  : Radius, Local-User database
------------------------------------------------
------------------------------------------------
802.1X Mode Global Configuration
------------------------------------------------
Quiet Period                    : 60
Supplicant Response Timeout     : 30
Re-authentication period        : 200
RADIUS server timeout           : 30
EAPOL MPDU version to transmit  : v1
Authentication Database         : Radius
------------------------------------------------
------------------------------------------------
MAC Mode Global Configuration
------------------------------------------------
Re-authentication period        : 0 (Re-authentication disabled) 
Authentication Database         : Radius, Local-User database 
Authentication Delay Period     : 0 (Default) 

MAC Address/Mask      Password (encrypted)            Port(s)
--------------------  ------------------------------  ------------------------
00:00:86:3F:1C:35/48  yaqu                            any
00:01:20:00:00:00/24  yaqu                            any
00:04:0D:28:45:CA/48  =4253C5;50O@                    any
00:10:14:00:00:00/24  yaqu                            any
00:10:A4:A9:11:3B/48  yaqu                            any
00:10:A4:00:00:00/24  yaqu                            any
Default               yaqu                            any
Authentication Database         : Radius, Local-User database
------------------------------------------------
Port: 5,  Vlan: nvlan,  State: Enabled,  Authentication: mac-based,  Guest Vlan <Not Configured>: Disabled
MAC                IP address       Authenticated  Type    ReAuth-Timer   User
-----------------------------------------------
Port: 9,  Vlan: nvlan,  State: Enabled,  Authentication: web-based,  Guest Vlan <Not Configured>: Disabled
MAC                IP address       Authenticated  Type    ReAuth-Timer   User
-----------------------------------------------
Port: 10,  Vlan: nvlan,  State: Enabled,  Authentication: 802.1X, mac-based,  Guest Vlan <Not Configured>: Disabled
MAC                IP address       Authenticated  Type    ReAuth-Timer   User
-----------------------------------------------
Port: 17,  Vlan: engr,  State: Enabled,  Authentication: mac-based,  Guest Vlan <Not Configured>: Disabled
MAC                IP address       Authenticated  Type    ReAuth-Timer   User
-----------------------------------------------
Port: 17,  Vlan: mktg,  State: Enabled,  Authentication: mac-based,  Guest Vlan <Not Configured>: Disabled
MAC                IP address       Authenticated  Type    ReAuth-Timer   User
-----------------------------------------------
Port: 19,  Vlan: corp,  State: Enabled,  Authentication: 802.1X,  Guest Vlan <Not Configured>: Disabled
MAC                IP address       Authenticated  Type    ReAuth-Timer   User
00:04:0d:50:e1:3a  0.0.0.0          No                     0              00040D50E13A
00:10:dc:98:54:00  10.201.31.113    Yes, Radius    802.1X  24             md5isp7
-----------------------------------------------
Port: 19,  Vlan: nvlan,  State: Enabled,  Authentication: 802.1X,  Guest Vlan <Not Configured>: Disabled
MAC                IP address       Authenticated  Type    ReAuth-Timer   User
00:04:0d:50:e1:3a  0.0.0.0          No             802.1X  0
-----------------------------------------------
Port: 19,  Vlan: voice-ip,  State: Enabled,  Authentication: 802.1X,  Guest Vlan <Not Configured>: Disabled
MAC                IP address       Authenticated  Type    ReAuth-Timer   User
00:04:0d:50:e1:3a  0.0.0.0          Yes, Radius    802.1X  75             00040D50E13A
-----------------------------------------------

The following command shows more detailed information, including the configured authentication methods:

# show netlogin port 3:2 vlan "Default"
Port: 2:1       Vlan: Default
Authentication: Web-Based, 802.1X
Port State:     Unauthenticated
Guest VLAN:     Not Enabled
DHCP:           Not Enabled
MAC                IP address      Auth   Type      ReAuth-Timer User
00:0C:F1:E8:4E:13  0.0.0.0         No     802.1X    0            Unknown
00:01:30:F3:EA:A0  10.0.0.1        Yes    802.1X    0            testUser

The following command shows information about a specific port configured for network login:

# show netlogin port 1:1
Port          : 1:1
Port Restart  : Enabled
Vlan          : Default
Authentication: mac-based
Port State    : Enabled
Guest Vlan    : Disabled
MAC                IP address       Auth  Type    ReAuth-Timer   User
-----------------------------------------------

The following command shows information for 802.1X mode:

# show netlogin dot1x
NetLogin Authentication Mode : web-based DISABLED;  802.1x ENABLED;  MAC-based ENABLED
NetLogin VLAN                : "nlvlan"
NetLogin move-fail-action    : Deny
NetLogin Client Aging Time   : 5 minutes
Dynamic VLAN Creation        : Disabled
Dynamic VLAN Uplink Ports    : None
Authentication Protocol Order: 802.1x, web-based, mac-based (default)
Maximum Number Of Users      : 256 (Policy Enabled only)
 
------------------------------------------------
        802.1x Mode Global Configuration
------------------------------------------------
EAPOL MPDU version to transmit  : v1
Tag EAPOL on tagged ports       : Off
Authentication Database         : Radius
RADIUS Accounting               : On
------------------------------------------------
 
Port: 1,  Vlan: nlvlan,  State: Enabled,  Authentication: 802.1x, mac-based
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled
------------------------------------------------
        802.1x Port Configuration
------------------------------------------------
Quiet Period                  : 60
Supplicant Response Timeout   : 30
Re-authentication             : On
Re-authentication period      : 1200
Max Re-authentications        : 3
RADIUS server timeout         : 30
Guest Vlan <Not Configured>   : Disabled
------------------------------------------------
        MAC Mode Port Configuration
------------------------------------------------
Re-authentication             : Off
Re-authentication period      : 3600
Authentication Delay          : 0 seconds (Default)
------------------------------------------------
        Netlogin Clients
------------------------------------------------
 
MAC                IP address       Authenticated     Type    ReAuth-Timer   User
-----------------------------------------------
(B) - Client entry Blackholed in FDB
 
Port: 1,  Vlan: v1,  State: Enabled,  Authentication: 802.1x, mac-based
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled
------------------------------------------------
        802.1x Port Configuration
------------------------------------------------
Quiet Period                  : 60
Supplicant Response Timeout   : 30
Re-authentication             : On
Re-authentication period      : 1200
Max Re-authentications        : 3
RADIUS server timeout         : 30
Guest Vlan <Not Configured>: Disabled
------------------------------------------------
        MAC Mode Port Configuration
------------------------------------------------
Re-authentication             : Off
Re-authentication period      : 3600
Authentication Delay          : 0 seconds (Default)
------------------------------------------------
        Netlogin Clients
------------------------------------------------
 
MAC                IP address       Authenticated     Type    ReAuth-Timer   User
00:00:00:00:00:02  0.0.0.0          Yes, Radius       802.1x  658            harish
-----------------------------------------------
(B) - Client entry Blackholed in FDB
 
 
Number of Clients Authenticated  : 1

For 802.1X, if re-authentication is disabled, the re-authentication period appears as follows:

Re-authentication period        : 0 (Re-authentication disabled)

The show netlogin port 5:4 dot1x command generates the following sample output:

Port						: 5:4
Port Restart						: Disabled
Vlan						: corp
Authentication						: 802.1X
Port State     						: Enabled
Guest Vlan						: Enabled
MACIP addressAuthenticatedTypeReAuth-TimerUser
00:10:dc:92:53:2d10.201.31.119Yes,Radius802.1X14md5isp4
-----------------------------------------------

The show netlogin port 5:4 dot1x detail command generates the following sample output:

Port: 5:4
Port Restart: Disabled
Vlan: corp
Authentication: 802.1X
Port State: Enabled
Guest Vlan: Enabled
MAC
00:10:dc:92:53:2d   : IP=10.201.31.119   Auth=Yes  User=md5isp4
: AuthPAE state=AUTHENTICATED BackAuth state=IDLE
: ReAuth time left=8       ReAuth count=0
: Quiet time left=0
-----------------------------------------------

History

This command was first available in ExtremeXOS 11.1.

Information about the guest VLAN was added in ExtremeXOS 11.2.

Information about the configured port MAC list was added in ExtremeXOS 11.3.

Information about dynamic VLANs and network login port restart was added in ExtremeXOS 11.6.

The vlan_list variable was added in ExtremeXOS 16.1.

Information about authentication delay added in ExtremeXOS 21.1.

Authentication username format information was added in ExtremeXOS 22.3.

Platform Availability

This command is available on the Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X440-G2, X590, X620, X690, X870 series switches.