run show dot1x interface
- Tracy Yang (Unlicensed)
The run show dot1x interface command displays the configuration information and port status of NAC authentication function on the interface.
Command Syntax
run show dot1x interface [gigabit-ethernet <interface-name>]
Parameter
Parameter | Description |
gigabit-ethernet <interface-name> | Optional. Specifies the physical interface name. |
Usage Guidelines
You can use this command to view the NAC authentication information of the client on all the interface enabled with NAC or on a specified interface. This command can also be used to view the dynamic ACL and downloadable ACL information.
Example
- Run run show dot1x interface gigabit-ethernet <interface-name> command to view the detailed NAC information on a specified interface.
admin@Xorplus# run show dot1x interface gigabit-ethernet ge-1/1/13
Interface ge-1/1/13:
============================================================
Client MAC : 08:9e:01:9e:cc:fe
Status : authorized
Success Auth Method : MAB
Dynamic VLAN ID : 200 (active)
admin@Xorplus# run show dot1x interface gigabit-ethernet ge-1/1/14
Interface ge-1/1/14:
============================================================
Client MAC : 00:00:00:22:55:56
Status : authorized
Success Auth Method : MAB
Dynamic VLAN ID : 200 (active)
Downloadable Filter Name : f1
Downloadable Filter Rule : sequence 1 from source 10.10.10.10/24
sequence 1 then action forward
admin@Xorplus# run show dot1x interface gigabit-ethernet ge-1/1/15
Interface ge-1/1/15:
============================================================
Client MAC : 00:00:00:22:55:56
Status : authorized
Success Auth Method : MAB
Dynamic VLAN ID : 200 (active)
Dynamic Filter Name : f2(active)
============================================================
- Run run show dot1x interface command to view the brief NAC information on all the NAC enabled interfaces.
admin@Xorplus# run show dot1x interface Interface 802.1x MAC-RADIUS WEB HOST-MODE CLIENT-MAC CLIENT-STATUS --------------------------------------------------------------------------------------------------------------------------- ge-1/1/1 disable enable disable single 00:11:22:33:44:55 unauthorized ge-1/1/3 disable enable enable single
Table 1. Description of the run show dot1x interface command output
Item | Description |
Client MAC | Indicates the MAC address of the clients connected to the interface. |
Status | Indicates the authentication status of the client. The value could be unauthorized or authorized. |
Success Auth Method | Indicates the authentication method used when the authentication status is authorized. The value could be Dot1x or MAB. |
Redirect URL | Indicates the redirect URL delivered from the AAA server before Web authentication succeeds. |
Dynamic VLAN ID | Indicates the dynamic VLAN ID delivered from the RADIUS authentication server. The active or inactive in parentheses indicates whether the dynamic VLAN is configured on the switch. |
Downloadable Filter Name | Displays the downloadable filter name that is delivered to the client. |
Downloadable Filter Rule | Displays the downloadable filter rule that is delivered to the client. |
Dynamic Filter Name | Displays the dynamic filter name that is delivered to the client. The active or inactive in parentheses indicates whether the dynamic filter is configured on the switch. |
Interface | Indicates the physical interfaces enabled NAC. |
802.1x | Indicates whether the 802.1X authentication is enabled.
|
MAC-RADIUS | Indicates whether the MAB authentication is enabled.
|
WEB | Indicates whether the Web authentication is enabled.
|
HOST-MODE | Host mode of interface. The value could be single or multiple.
The default host mode is single. Note that changing host mode from CLI will cause re-authentication for all online users of the port. |
CLIENT-MAC | Indicates the MAC address of the clients connected to the interface. |
CLIENT-STATUS | Indicates the authentication status of the client. The value could be unauthorized or authorized. |
Copyright © 2025 Pica8 Inc. All Rights Reserved.