Command of the Day

Reply
Highlighted
Aruba Employee
Posts: 34
Registered: ‎03-29-2007

COTD: Getting quick information on an 802.1x client

Ever wanted to get some more info about what a particular dot1x client is up to? Are they re-authenticating a lot? What type of encryption are they using? What type of EAP? Have they successfully completed authentication? Do we have a cached PMKID for them? And even key rotation statistics?
Well, the answer is in the "show dot1x supplicant-info" command:
(Greig) #show dot1x supplicant-info ?
AP IP Address
Supplicant MAC address
list-all Show all 802.1X supplicants
pmkid Show pmkids of the stations
statistics Show 802.1X statistics of the users
(Greig) #show dot1x supplicant-info list-all
802.1x User Information
-----------------------
MAC Name Auth AP-MAC Enc-Key/Type Auth-Mode EAP-Type Remote
------------ -------- ---- ------ ------------------- ----------- --------- ------
00:13:02:71:e9:f6 ARUBANETWORKS\greig Yes 00:0b:86:93:6b:20 * * * * * * * */WPA2-AES Explict Mode EAP-PEAP No
00:0e:9b:cc:cf:33 ARUBANETWORKS\kbouamrane Yes 00:0b:86:93:6b:28 * * * * * * * */WPA2-AES Explict Mode EAP-PEAP No
Station Entries: 2
(Greig) #show dot1x supplicant-info pmkid
PMKID Table
-----------
Mac Name AP PMKID
--- ---- -- -----
00:13:02:71:e9:f6 ARUBANETWORKS\greig 00:0b:86:93:6b:20 * * * * * * * * *
00:0e:9b:cc:cf:33 ARUBANETWORKS\kbouamrane 00:0b:86:93:6b:28 * * * * * * * * *
Station Entries: 2
(Greig) #
(Greig) #show dot1x supplicant-info statistics
802.1x Statistics
-----------------
Mac Name AP Auth-Succs Auth-Fails Auth-Tmout Re-Auths Supp-Naks UKeyRotations MKeyRotations
--- ---- -- ---------- ---------- ---------- -------- --------- -------------
-------------
00:13:02:71:e9:f6 ARUBANETWORKS\greig 00:0b:86:93:6b:20 1 0 0 0 0 0 0
00:0e:9b:cc:cf:33 ARUBANETWORKS\kbouamrane 00:0b:86:93:6b:28 1 0 0 0 0 0 0
Total:
54 2 0 0 0 0 0
Station Entries: 2
(Greig) #

Note that you must have "encrypt disable" configured in order to view the
pmkid and also the encryption keys.
Search Airheads
Showing results for 
Search instead for 
Did you mean: