Shows status information for network login.
port_list | Specifies one or more ports or slots and ports. |
vlan_name | Specifies the name of a This command is available on the ExtremeSwitching X440-G2, X450-G2, X460-G2, X465, X590, X620, X670-G2, X690, X695, X870, 5320, 5420, 5520 series switches.. |
vlan_list | Specifies a VLAN list of IDs. |
dot1x | Specifies 802.1X information. |
detail | Shows detailed information. |
mac | Specifies MAC-based information. |
web-based | Specifies web-based information. |
N/A.
If you do not specify the authentication method, the switch displays information for all network login authentication methods.
Note
The "current user" count displays how many resources are left to be able to be configured/authenticated. Admin-profile rules consume a resource similar to authenticated users, even if that particular MAC address is not presently on the system (a static admin-profile port rule also increments this count). As a result, the "current user" count value reflects a combination of users and consumed resources (admin-profile rules).The following sample output shows the summary network login information:
# show netlogin NetLogin Authentication Mode : web-based ENABLED; 802.1X ENABLED; mac-based ENABLED NetLogin VLAN : "nvlan" NetLogin move-fail-action : Authenticate NetLogin Client Aging Time : 5 minutes Dynamic VLAN Creation : Enabled Dynamic VLAN Uplink Ports : 12 ------------------------------------------------ Web-based Mode Global Configuration ------------------------------------------------ Base-URL : network-access.com Default-Redirect-Page : http://www.yahoo.com Logout-privilege : YES Netlogin Session-Refresh : ENABLED; 3 minutes Authentication Database : Radius, Local-User database ------------------------------------------------ ------------------------------------------------ 802.1X Mode Global Configuration ------------------------------------------------ Quiet Period : 60 Supplicant Response Timeout : 30 Re-authentication period : 200 RADIUS server timeout : 30 EAPOL MPDU version to transmit : v1 Authentication Database : Radius ------------------------------------------------ ------------------------------------------------ MAC Mode Global Configuration ------------------------------------------------ Re-authentication period : 0 (Re-authentication disabled) Authentication Database : Radius, Local-User database Authentication Delay Period : 0 (Default) MAC Address/Mask Password (encrypted) Port(s) -------------------- ------------------------------ ------------------------ 00:00:86:3F:1C:35/48 yaqu any 00:01:20:00:00:00/24 yaqu any 00:04:0D:28:45:CA/48 =4253C5;50O@ any 00:10:14:00:00:00/24 yaqu any 00:10:A4:A9:11:3B/48 yaqu any 00:10:A4:00:00:00/24 yaqu any Default yaqu any Authentication Database : Radius, Local-User database ------------------------------------------------ Port: 5, Vlan: nvlan, State: Enabled, Authentication: mac-based, Guest Vlan <Not Configured>: Disabled MAC IP address Authenticated Type ReAuth-Timer User ----------------------------------------------- Port: 9, Vlan: nvlan, State: Enabled, Authentication: web-based, Guest Vlan <Not Configured>: Disabled MAC IP address Authenticated Type ReAuth-Timer User ----------------------------------------------- Port: 10, Vlan: nvlan, State: Enabled, Authentication: 802.1X, mac-based, Guest Vlan <Not Configured>: Disabled MAC IP address Authenticated Type ReAuth-Timer User ----------------------------------------------- Port: 17, Vlan: engr, State: Enabled, Authentication: mac-based, Guest Vlan <Not Configured>: Disabled MAC IP address Authenticated Type ReAuth-Timer User ----------------------------------------------- Port: 17, Vlan: mktg, State: Enabled, Authentication: mac-based, Guest Vlan <Not Configured>: Disabled MAC IP address Authenticated Type ReAuth-Timer User ----------------------------------------------- Port: 19, Vlan: corp, State: Enabled, Authentication: 802.1X, Guest Vlan <Not Configured>: Disabled MAC IP address Authenticated Type ReAuth-Timer User 00:04:0d:50:e1:3a 0.0.0.0 No 0 00040D50E13A 00:10:dc:98:54:00 10.201.31.113 Yes, Radius 802.1X 24 md5isp7 ----------------------------------------------- Port: 19, Vlan: nvlan, State: Enabled, Authentication: 802.1X, Guest Vlan <Not Configured>: Disabled MAC IP address Authenticated Type ReAuth-Timer User 00:04:0d:50:e1:3a 0.0.0.0 No 802.1X 0 ----------------------------------------------- Port: 19, Vlan: voice-ip, State: Enabled, Authentication: 802.1X, Guest Vlan <Not Configured>: Disabled MAC IP address Authenticated Type ReAuth-Timer User 00:04:0d:50:e1:3a 0.0.0.0 Yes, Radius 802.1X 75 00040D50E13A -----------------------------------------------
The following command shows more detailed information, including the configured authentication methods:
# show netlogin port 3:2 vlan "Default" Port: 2:1 Vlan: Default Authentication: Web-Based, 802.1X Port State: Unauthenticated Guest VLAN: Not Enabled DHCP: Not Enabled MAC IP address Auth Type ReAuth-Timer User 00:0C:F1:E8:4E:13 0.0.0.0 No 802.1X 0 Unknown 00:01:30:F3:EA:A0 10.0.0.1 Yes 802.1X 0 testUser
The following command shows information about a specific port configured for network login:
# show netlogin port 1:1 Port : 1:1 Port Restart : Enabled Vlan : Default Authentication: mac-based Port State : Enabled Guest Vlan : Disabled MAC IP address Auth Type ReAuth-Timer User -----------------------------------------------
The following command shows information for 802.1X mode:
# show netlogin dot1x NetLogin Authentication Mode : web-based DISABLED; 802.1x ENABLED; MAC-based ENABLED NetLogin VLAN : "nlvlan" NetLogin move-fail-action : Deny NetLogin Client Aging Time : 5 minutes Dynamic VLAN Creation : Disabled Dynamic VLAN Uplink Ports : None Authentication Protocol Order: 802.1x, web-based, mac-based (default) Maximum Number Of Users : 256 (Policy Enabled only) ------------------------------------------------ 802.1x Mode Global Configuration ------------------------------------------------ EAPOL MPDU version to transmit : v1 Tag EAPOL on tagged ports : Off Authentication Database : Radius RADIUS Accounting : On ------------------------------------------------ Port: 1, Vlan: nlvlan, State: Enabled, Authentication: 802.1x, mac-based Authentication Failure Vlan <Not Configured>: Disabled Authentication Service-Unavailable Vlan <Not Configured>: Disabled ------------------------------------------------ 802.1x Port Configuration ------------------------------------------------ Quiet Period : 60 Supplicant Response Timeout : 30 Re-authentication : On Re-authentication period : 1200 Max Re-authentications : 3 RADIUS server timeout : 30 Guest Vlan <Not Configured> : Disabled ------------------------------------------------ MAC Mode Port Configuration ------------------------------------------------ Re-authentication : Off Re-authentication period : 3600 Authentication Delay : 0 seconds (Default) ------------------------------------------------ Netlogin Clients ------------------------------------------------ MAC IP address Authenticated Type ReAuth-Timer User ----------------------------------------------- (B) - Client entry Blackholed in FDB Port: 1, Vlan: v1, State: Enabled, Authentication: 802.1x, mac-based Authentication Failure Vlan <Not Configured>: Disabled Authentication Service-Unavailable Vlan <Not Configured>: Disabled ------------------------------------------------ 802.1x Port Configuration ------------------------------------------------ Quiet Period : 60 Supplicant Response Timeout : 30 Re-authentication : On Re-authentication period : 1200 Max Re-authentications : 3 RADIUS server timeout : 30 Guest Vlan <Not Configured>: Disabled ------------------------------------------------ MAC Mode Port Configuration ------------------------------------------------ Re-authentication : Off Re-authentication period : 3600 Authentication Delay : 0 seconds (Default) ------------------------------------------------ Netlogin Clients ------------------------------------------------ MAC IP address Authenticated Type ReAuth-Timer User 00:00:00:00:00:02 0.0.0.0 Yes, Radius 802.1x 658 harish ----------------------------------------------- (B) - Client entry Blackholed in FDB Number of Clients Authenticated : 1
For 802.1X, if re-authentication is disabled, the re-authentication period appears as follows:
Re-authentication period : 0 (Re-authentication disabled)
The show netlogin port 5:4 dot1x command generates the following sample output:
Port : 5:4 Port Restart : Disabled Vlan : corp Authentication : 802.1X Port State : Enabled Guest Vlan : Enabled MACIP addressAuthenticatedTypeReAuth-TimerUser 00:10:dc:92:53:2d10.201.31.119Yes,Radius802.1X14md5isp4 -----------------------------------------------
The show netlogin port 5:4 dot1x detail command generates the following sample output:
Port: 5:4 Port Restart: Disabled Vlan: corp Authentication: 802.1X Port State: Enabled Guest Vlan: Enabled MAC 00:10:dc:92:53:2d : IP=10.201.31.119 Auth=Yes User=md5isp4 : AuthPAE state=AUTHENTICATED BackAuth state=IDLE : ReAuth time left=8 ReAuth count=0 : Quiet time left=0 -----------------------------------------------
This command was first available in ExtremeXOS 11.1.
Information about the guest VLAN was added in ExtremeXOS 11.2.
Information about the configured port MAC list was added in ExtremeXOS 11.3.
Information about dynamic VLANs and network login port restart was added in ExtremeXOS 11.6.
The vlan_list variable was added in ExtremeXOS 16.1.
Information about authentication delay added in ExtremeXOS 21.1.
Authentication username format information was added in ExtremeXOS 22.3.
This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, X670-G2, X690, X695, X870, 5320, 5420, and 5520 series switches.