Command of the Day

Reply
Aruba Employee

COTD: Getting quick information on an 802.1x client

Ever wanted to get some more info about what a particular dot1x client is up to? Are they re-authenticating a lot? What type of encryption are they using? What type of EAP? Have they successfully completed authentication? Do we have a cached PMKID for them? And even key rotation statistics?
Well, the answer is in the "show dot1x supplicant-info" command:
(Greig) #show dot1x supplicant-info ?
AP IP Address
Supplicant MAC address
list-all Show all 802.1X supplicants
pmkid Show pmkids of the stations
statistics Show 802.1X statistics of the users
(Greig) #show dot1x supplicant-info list-all
802.1x User Information
-----------------------
MAC Name Auth AP-MAC Enc-Key/Type Auth-Mode EAP-Type Remote
------------ -------- ---- ------ ------------------- ----------- --------- ------
00:13:02:71:e9:f6 ARUBANETWORKS\greig Yes 00:0b:86:93:6b:20 * * * * * * * */WPA2-AES Explict Mode EAP-PEAP No
00:0e:9b:cc:cf:33 ARUBANETWORKS\kbouamrane Yes 00:0b:86:93:6b:28 * * * * * * * */WPA2-AES Explict Mode EAP-PEAP No
Station Entries: 2
(Greig) #show dot1x supplicant-info pmkid
PMKID Table
-----------
Mac Name AP PMKID
--- ---- -- -----
00:13:02:71:e9:f6 ARUBANETWORKS\greig 00:0b:86:93:6b:20 * * * * * * * * *
00:0e:9b:cc:cf:33 ARUBANETWORKS\kbouamrane 00:0b:86:93:6b:28 * * * * * * * * *
Station Entries: 2
(Greig) #
(Greig) #show dot1x supplicant-info statistics
802.1x Statistics
-----------------
Mac Name AP Auth-Succs Auth-Fails Auth-Tmout Re-Auths Supp-Naks UKeyRotations MKeyRotations
--- ---- -- ---------- ---------- ---------- -------- --------- -------------
-------------
00:13:02:71:e9:f6 ARUBANETWORKS\greig 00:0b:86:93:6b:20 1 0 0 0 0 0 0
00:0e:9b:cc:cf:33 ARUBANETWORKS\kbouamrane 00:0b:86:93:6b:28 1 0 0 0 0 0 0
Total:
54 2 0 0 0 0 0
Station Entries: 2
(Greig) #

Note that you must have "encrypt disable" configured in order to view the
pmkid and also the encryption keys.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: