Page Comparison

...

The run show dot1x interface command dispays displays the configuration information and port status of NAC authentication function on the interface.

...

Parameter	Description
gigabit-ethernet <interface-name>	OptionaOptional. Specifies the physica physical interface name.

Usage GuideinesGuidelines

You can use this command to view the NAC authentication information of the cient client on a all the interface enabed enabled with NAC or on a specified interface. This command can aso also be used to view the dynamic AC ACL and downoadabe AC downloadable ACL information.

ExampeExample

Run run show dot1x interface gigabit-ethernet <interface-name> command to view the detaied detailed NAC information on a specified interface.

Code Block

admin@Xorpus#admin@Xorplus# run show dot1x interface gigabit-ethernet ge-1/1/13
Interface ge-1/1/13:
============================================================
  CientClient MAC              : 08:9e:01:9e:cc:fe
  Status                   : authorized
  Success Auth Method       : MAB
  Dynamic VANVLAN ID         : 200 (active)

admin@Xorpus#admin@Xorplus# run show dot1x interface gigabit-ethernet ge-1/1/14
Interface ge-1/1/14:
============================================================
  CientClient MAC               : 00:00:00:22:55:56
  Status                    : authorized
  Success Auth Method       : MAB
  Dynamic VANVLAN ID         : 200 (active)
  DownoadabeDownloadable FiterFilter Name   : f1
  DownoadabeDownloadable FiterFilter RueRule    : sequence 1 from source 10.10.10.10/24
                            sequence 1 then action forward

admin@Xorpus#admin@Xorplus# run show dot1x interface gigabit-ethernet ge-1/1/15
Interface ge-1/1/15:
============================================================
  CientClient MAC                : 00:00:00:22:55:56
  Status                     : authorized
  Success Auth Method       : MAB
  Dynamic VANVLAN ID         : 200 (active)
  Dynamic FiterFilter Name       : f2(active)
============================================================

Run run show dot1x interface command to view the brief NAC information on a all the NAC enabed enabled interfaces.

Code Block

admin@Xorpus#admin@Xorplus# run show dot1x interface 
Interface  802.1x  MAC-RADIUS  WEB  HOST-MODE  CIENTCLIENT-MAC  CIENTCLIENT-STATUS
---------------------------------------------------------------------------------------------------------------------------
ge-1/1/1  disabedisable   enabeenable      disabedisable   singesingle        00:11:22:33:44:55   unauthorized 
ge-1/1/3  disabedisable   enabeenable      enabeenable    singesingle

Tabe Table 2. Description Description of the run show dot1x interface command output

Item

Description

Cient

Client MAC

Indicates the MAC address of the

cients

clients connected to the interface.
Status	Indicates the authentication status of the

cient

client. The

vaue coud

value could be unauthorized or authorized.
Success Auth Method	Indicates the authentication method used when the authentication status is authorized. The

vaue coud

value could be Dot1x or MAB.

Redirect

UR

URL	Indicates the redirect

UR deivered

URL delivered from the AAA server before Web authentication succeeds.

Dynamic

VAN

VLAN ID

Indicates the dynamic

VAN

VLAN ID

deivered

delivered from the RADIUS authentication server. The active or inactive in parentheses indicates whether the dynamic

VAN

VLAN is configured on the switch.

Downoadabe Fiter

Downloadable Filter Name

Dispays

Displays the

downoadabe fiter

downloadable filter name that is

deivered

delivered to the

cientDispays the downoadabe fiter rue that is deivered to the cient

client.

Downoadabe Fiter Rue

Downloadable Filter Rule	Displays the downloadable filter rule that is delivered to the client.
Dynamic

Fiter

Filter Name

Dispays

Displays the dynamic

fiter

filter name that is

deivered

delivered to the

cient

client. The active or inactive in parentheses indicates whether the dynamic

fiter

filter is configured on the switch.
Interface	Indicates the

physica

physical interfaces

enabed

enabled NAC.
802.1x	Indicates whether the 802.1X authentication is

enabed

enabled.

enabe

enable: indicates the 802.1X authentication is

enabed

enabled.

disabe

disable: indicates the 802.1X authentication is

disabed

disabled.
MAC-RADIUS	Indicates whether the MAB authentication is

enabed

enabled.

enabe

enable: indicates the MAB authentication is

enabed

enabled.

disabe

disable:indicates the MAB authentication is

disabed

disabled.
WEB	Indicates whether the Web authentication is

enabed

enabled.

enabe

enable: indicates the Web authentication is

enabed

enabled.

disabe

disable:indicates the Web authentication is

disabed

disabled.
HOST-MODE	Host mode of interface. The

vaue coud

value could be

singe

single or

mutipeSinge

multiple.

single:

Ony

Only one user is

aowed

allowed to access the switch port,

uness

unless the user goes

offine

offline other users can try to access the port. The authentication

wi

will be restarted if port is bounced or

cient

client is changed.

Mutipe: Mutipe cients

multiple: Multiple clients connect to the network through the same switch port. If a user goes

offine

offline, the network access rights of other users are not affected. At most 8

cients

clients are

aowed

allowed to be authenticated on a

singe

single switch port, the ninth

wi

will be added into the pending

ist

list.

The

defaut

default host mode is

singe

single. Note that changing host mode from

CI wi

CLI will cause re-authentication for

a onine

all online users of the port.

CIENT

CLIENT-MAC

Indicates the MAC address of the

cients

clients connected to the interface.

CIENT

CLIENT-STATUS

Indicates the authentication status of the

cient

client. The

vaue coud

value could be unauthorized or authorized.

Version	Old Version 1	New Version 2
Changes made by	Tracy Yang (Unlicensed)	Tracy Yang (Unlicensed)
Saved on	Mar 16, 2021	Mar 22, 2022

Versions Compared

Key