run show dot1x interface


The run show dot1x interface command displays the configuration information and port status of the NAC authentication function on the interface.


Command Syntax

run show dot1x interface [gigabit-ethernet <interface-name>]


Parameter

Parameter                           Description
gigabit-ethernet <interface-name>   Optional. Specifies the physical interface name.


Usage Guidelines

You can use this command to view the NAC authentication information of clients on all NAC-enabled interfaces or on a specified interface. This command can also be used to view the dynamic ACL and downloadable ACL information.


Example

  • Run the run show dot1x interface gigabit-ethernet <interface-name> command to view the detailed NAC information on a specified interface.
admin@Xorplus# run show dot1x interface gigabit-ethernet ge-1/1/48
Interface ge-1/1/48:
============================================================
  Client MAC                : 00:00:00:11:11:11
  Status                    : authorized
  Success Auth Method       : MAB
  Last Success Time         : Sun Mar 20 21:08:11 2022
  Traffic Class             : Other
  Downloadable Filter Name  : pica-dacl-mab (active)
  Downloadable Filter Rule  : sequence 1 from protocol icmp code 24
                              sequence 1 then action forward
                              sequence 2 from protocol icmp type 45
                              sequence 2 then action discard
============================================================
  Client MAC                : 22:11:11:11:11:11
  Status                    : unauthorized
============================================================

admin@Xorplus# run show dot1x interface gigabit-ethernet ge-1/1/13
Interface ge-1/1/13:
============================================================
  Client MAC                : 08:9e:01:9e:cc:fe
  Status                    : authorized
  Success Auth Method       : MAB
  Dynamic VLAN ID           : 200 (active)

admin@Xorplus# run show dot1x interface gigabit-ethernet ge-1/1/14
Interface ge-1/1/14:
============================================================
  Client MAC                : 00:00:00:22:55:56
  Status                    : authorized
  Success Auth Method       : MAB
  Dynamic VLAN ID           : 200 (active)
  Downloadable Filter Name  : f1
  Downloadable Filter Rule  : sequence 1 from source 10.10.10.10/24
                              sequence 1 then action forward

admin@Xorplus# run show dot1x interface gigabit-ethernet ge-1/1/15
Interface ge-1/1/15:
============================================================
  Client MAC                : 00:00:00:22:55:56
  Status                    : authorized
  Success Auth Method       : MAB
  Dynamic VLAN ID           : 200 (active)
  Dynamic Filter Name       : f2(active)
============================================================
  • Run the run show dot1x interface command to view the brief NAC information on all NAC-enabled interfaces.
admin@Xorplus# run show dot1x interface 
Interface  802.1x   MAC-RADIUS  WEB      HOST-MODE    CLIENT-MAC         CLIENT-STATUS
---------------------------------------------------------------------------------------------------------------------------
ge-1/1/1   disable  enable      disable  single(0)    00:11:22:33:44:55  unauthorized
ge-1/1/3   disable  enable      enable   multiple(1)

Table 1. Description of the run show dot1x interface command output

Item

Description

Client MAC

Indicates the MAC address of the clients connected to the interface.

Status

Indicates the authentication status of the client. The value could be unauthorized or authorized.

Success Auth Method

Indicates the authentication method used when the authentication status is authorized. The value could be Dot1x or MAB.

Redirect URL

Indicates the redirect URL delivered from the AAA server before Web authentication succeeds.

Dynamic VLAN ID

Indicates the dynamic VLAN ID delivered from the RADIUS authentication server. The value in parentheses (active or inactive) indicates whether the dynamic VLAN is configured on the switch.

Downloadable Filter Name

Displays the downloadable filter name that is delivered to the client.

Downloadable Filter Rule

Displays the downloadable filter rule that is delivered to the client.

Dynamic Filter Name

Displays the dynamic filter name that is delivered to the client. The value in parentheses (active or inactive) indicates whether the dynamic filter is configured on the switch.

Interface

Indicates the physical interfaces on which NAC is enabled.

802.1x

Indicates whether the 802.1X authentication is enabled.

  • enable: indicates the 802.1X authentication is enabled.
  • disable: indicates the 802.1X authentication is disabled.

MAC-RADIUS

Indicates whether the MAB authentication is enabled.

  • enable: indicates the MAB authentication is enabled.
  • disable: indicates the MAB authentication is disabled.

WEB

Indicates whether the Web authentication is enabled.

  • enable: indicates the Web authentication is enabled.
  • disable: indicates the Web authentication is disabled.

HOST-MODE

Indicates the host mode of the interface and the number of active sessions. The value could be single(N) or multiple(N), where "N" is the number of active sessions.

  • single(N): Only one user is allowed to access the switch port. Other users can try to access the port only after that user goes offline. Authentication is restarted if the port is bounced or the client changes.
  • multiple(N): Multiple clients connect to the network through the same switch port. If a user goes offline, the network access rights of other users are not affected. At most 8 clients can be authenticated on a single switch port; the ninth is added to the pending list.

The default host mode is single. Note that changing the host mode from the CLI causes re-authentication of all online users on the port.

CLIENT-MAC

Indicates the MAC address of the clients connected to the interface.

CLIENT-STATUS

Indicates the authentication status of the client. The value could be unauthorized or authorized.
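
The Status field and the active/inactive markers described in Table 1 can be checked by script when reviewing NAC enforcement. The following Python is an added example, not part of the Pica8 documentation: it parses detail output in the layout shown above and reports clients that are not authorized or whose Dynamic VLAN ID or Dynamic Filter Name is marked inactive. The function names and the sample text are constructed for illustration.

```python
import re
# Constructed sample in the detail layout shown above; "(inactive)" is made up.
SAMPLE = """\
Interface ge-1/1/13:
============================================================
  Client MAC                : 08:9e:01:9e:cc:fe
  Status                    : authorized
  Dynamic VLAN ID           : 200 (inactive)
============================================================
  Client MAC                : 22:11:11:11:11:11
  Status                    : unauthorized
Interface ge-1/1/15:
============================================================
  Client MAC                : 00:00:00:22:55:56
  Status                    : authorized
  Dynamic VLAN ID           : 200 (active)
  Dynamic Filter Name       : f2(active)
"""

IFACE = re.compile(r"^Interface (\S+):$")
FIELD = re.compile(r"^\s+([A-Za-z][A-Za-z ]*?)\s*:\s+(.*\S)\s*$")
STATE = re.compile(r"^(.*?)\s*\((active|inactive)\)$")

def parse_clients(text):
    """Return one dict per client block, tagged with its interface."""
    clients, iface, cur = [], None, None
    for line in text.splitlines():
        if m := IFACE.match(line.strip()):
            iface, cur = m.group(1), None
        elif f := FIELD.match(line):  # skips separators, prompts, rule continuations
            key, val = f.groups()
            if key == "Client MAC":   # each client block starts with this field
                clients.append(cur := {"Interface": iface})
            if cur is not None:
                cur.setdefault(key, val)
    return clients

def audit(clients):
    """Yield (interface, mac, finding) for unauthorized clients and inactive attributes."""
    for c in clients:
        who = (c["Interface"], c["Client MAC"])
        if c.get("Status") != "authorized":
            yield who + ("not authorized",)
        for key in ("Dynamic VLAN ID", "Dynamic Filter Name"):
            if (s := STATE.match(c.get(key, ""))) and s.group(2) == "inactive":
                yield who + (f"{key} {s.group(1)} is inactive",)

if __name__ == "__main__":
    print(*audit(parse_clients(SAMPLE)), sep="\n")
```
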

Copyright © 2024 Pica8 Inc. All Rights Reserved.