
show aaa state configuration


Description

Display authentication state configuration information, including the numbers of successful and failed authentications.

Example

This example shows authentication settings and values for a controller with no current users.

 

    (host) #show aaa state configuration

    Authentication State
    --------------------
    Name                            Value
    ----                            -----
    Switch IP                       10.6.2.253
    Switch IPv6
    Master IP                       10.100.103.253
    Switch Role                     local
    Current/Max/Total IPv4 Users    0/6/14
    Current/Max/Total IPv6 Users    0/1/1
    Current/Max/Total User Entries  0/4/15
    Current/Max/Total Stations      121/190/367550
    Captive Portal Users            4
    802.1X Users                    119
    VPN Users                       0
    MAC Users                       0
    Stateful 802.1X Users           0
    Tunneled users                  0
    Configured user roles           21
    Configured session ACL          41
    Configured destinations         32
    Configured services             77
    Configured Auth servers         9
    Auth server in service          9
    Radius server timeouts          7062

    Successful authentications
    --------------------------
    Web  MAC  VPN  802.1X  Krb  RadAcct  SecureID  Stateful-802.1X  Management
    ---  ---  ---  ------  ---  -------  --------  ---------------  ----------
    138  0    0    10117   0    0        0         0                0

    Failed authentications
    ----------------------
    Web  MAC  VPN  802.1X  Krb  RadAcct  SecureID  Stateful-802.1X  Management
    ---  ---  ---  ------  ---  -------  --------  ---------------  ----------
    48   0    0    32235   0    0        0         0                0

    Idled users = 3366
    Mobility = Enabled
    fast age = Disabled
    per-user log = Disabled
    Bandwidth contracts = 2/1
    IP takeovers = 21
    Ping/SYN/Session attacks = 0/0/0

 

The output of the show aaa state configuration command includes the following parameters:

| Parameter | Description |
| --- | --- |
| Switch IP | IP address of the managed device. |
| Master IP | IP address of Mobility Master. |
| Switch Role | Role assigned to the device. |
| Current/Max/Total IPv4 Users | Current number of IPv4 users on the managed device / Maximum number of IPv4 users that can be assigned to the managed device at any time / Total number of IPv4 users that have been assigned to the managed device since the last managed device reboot. |
| Current/Max/Total IPv6 Users | Current number of IPv6 users on the managed device / Maximum number of IPv6 users that can be assigned to the managed device at any time / Total number of IPv6 users that have been assigned to the managed device since the last managed device reboot. |
| Current/Max/Total Users | Current number of users on the managed device / Maximum number of users that can be assigned to the managed device at any time / Total number of users that have been assigned to the managed device since the last managed device reboot. |
| Current/Max/Total Stations | Current number of stations registered with the controller / Maximum number of stations that can be registered with the controller at any time / Total number of stations that have registered with the controller since the last controller reboot. |
| Captive Portal Users | Number of current users authenticated via captive portal. |
| 802.1X Users | Number of current users authenticated via 802.1X authentication. |
| VPN Users | Number of current users authenticated via VPN authentication. |
| MAC Users | Number of current users authenticated via MAC authentication. |
| Stateful 802.1X Users | Number of current users authenticated via stateful 802.1X authentication. |
| Tunneled users | Number of stations in tunneled forwarding mode, where 802.11 frames are tunneled to the managed device using generic routing encapsulation (GRE). |
| Configured user roles | Number of configured user roles. |
| Configured session ACL | Number of configured session ACLs. |
| Configured destinations | Number of destinations configured using the netdestination command. |
| Configured services | Number of service aliases configured using the netservice command. |
| Configured Auth servers | Number of configured authentication servers. |
| Auth server in service | Number of authentication servers currently in service. |
| Radius server timeouts | Number of times the RADIUS server did not respond to the authentication request. |
| Web | Total number of captive portal authentications or authentication failures since the last managed device reset. |
| MAC | Total number of MAC authentications or authentication failures since the last managed device reset. |
| VPN | Total number of VPN authentications or authentication failures since the last managed device reset. |
| 802.1X | Total number of 802.1X authentications or authentication failures since the last managed device reset. |
| Krb | Total number of Kerberos authentications or authentication failures since the last managed device reset. |
| RadAcct | Total number of RADIUS accounting verifications or accounting failures since the last managed device reset. |
| SecureID | Number of authentication verifications or failures using methods which use one-time passwords. (For example, EAP-GTC being used as the inner EAP protocol of EAP-PEAP.) |
| Stateful-802.1X | Total number of Stateful 802.1X authentications or authentication failures since the last managed device reset. |
| Management | Total number of Management user authentications or authentication failures since the last managed device reset. |
| Idled users | Total number of users that are not broadcasting data to an AP. |
| Mobility | Shows whether the IP mobility feature has been enabled or disabled on the managed device. |
| Fast age | This parameter shows if fast aging of user table entries has been enabled or disabled. When this feature is enabled, if a device comes up on the network with a different IP address, the device's old IP address is immediately deleted. If the user fast-age feature is not configured, the controller retains up to two IPv4 and two IPv6 addresses per device, and these IPs are aged out only when the device becomes inactive. |
| Per-User Log | Shows if the managed device collects per-user log files for debugging. NOTE: This option is enabled using the aaa log command. |
| Bandwidth contracts | Number of configured bandwidth contracts on the managed device. |
| IP takeovers | Number of times two different stations have attempted to use the same IP address (IP spoofing). |
| Ping/SYN/Session attacks | Number of reported ping, SYN and session attacks. |
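An added example, not part of the Aruba documentation: a small Python parser for the output shown above that computes the failure share per authentication method and reports nonzero RADIUS timeout, IP takeover and attack counters. The function names and the 50% failure threshold are assumptions chosen for illustration.

```python
import re

# Excerpt of this page's example output, blank lines removed.
SAMPLE = """\
Radius server timeouts 7062
Successful authentications
--------------------------
Web MAC VPN 802.1X Krb RadAcct SecureID Stateful-802.1X Management
--- --- --- ------ --- ------- -------- --------------- ----------
138 0 0 10117 0 0 0 0 0
Failed authentications
----------------------
Web MAC VPN 802.1X Krb RadAcct SecureID Stateful-802.1X Management
--- --- --- ------ --- ------- -------- --------------- ----------
48 0 0 32235 0 0 0 0 0
IP takeovers = 21
Ping/SYN/Session attacks = 0/0/0
"""
TABLES = {"Successful authentications": "success", "Failed authentications": "failed"}
SCALARS = ("Radius server timeouts", "IP takeovers", "Ping/SYN/Session attacks")
SCALAR_RE = re.compile(r"(%s)\s*=?\s*(\d+(?:/\d+)*)$" % "|".join(map(re.escape, SCALARS)))

def parse_aaa_state(text):
    """Return per-method success/failed counters plus the scalar risk counters."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    state = {"success": {}, "failed": {}}
    for i, line in enumerate(lines):
        if line in TABLES and i + 4 < len(lines):
            # Layout: title, rule, header row, rule, value row.
            names, values = lines[i + 2].split(), lines[i + 4].split()
            state[TABLES[line]] = dict(zip(names, map(int, values)))
        m = SCALAR_RE.match(line)
        if m:
            state[m.group(1)] = [int(n) for n in m.group(2).split("/")]
    return state

def review(state, max_fail_ratio=0.5):
    """List methods whose failure share exceeds the threshold and any nonzero risk counter."""
    findings = []
    for method, failed in state["failed"].items():
        total = failed + state["success"].get(method, 0)
        if total and failed / total > max_fail_ratio:
            findings.append(f"{method}: {failed}/{total} attempts failed ({failed / total:.0%})")
    for name in SCALARS:
        if any(state.get(name, [])):
            findings.append(f"{name}: {'/'.join(map(str, state[name]))}")
    return findings

if __name__ == "__main__":
    print("\n".join(review(parse_aaa_state(SAMPLE))))
```

The authentication counters are totals since the last managed device reset, so comparing two snapshots taken some time apart gives a more useful rate than a single reading.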

Command History

| Command | Description |
| --- | --- |
| ArubaOS 8.0.0.0 | Command introduced. |

Command Information

| Platforms | Licensing | Command Mode |
| --- | --- | --- |
| All platforms | Base operating system. | Enable or Config mode on Mobility Master. |
