run show dot1x interface
The run show dot1x interface command displays the configuration information and port status of NAC authentication function on the interface.
Command Syntax
run show dot1x interface [gigabit-ethernet <interface-name>]
Parameter
Parameter | Description |
gigabit-ethernet <interface-name> | Optional. Specifies the physical interface name. |
Usage Guidelines
You can use this command to view the NAC authentication information of the client on all the interface enabled with NAC or on a specified interface. This command can also be used to view the dynamic ACL and downloadable ACL information.
Example
- Run run show dot1x interface gigabit-ethernet <interface-name> command to view the detailed NAC information on a specified interface.
admin@Xorplus# run show dot1x interface gigabit-ethernet ge-1/1/48 Interface ge-1/1/48: ============================================================ Client MAC : 00:00:00:11:11:11 Status : authorized Success Auth Method : MAB Last Success Time : Sun Mar 20 21:08:11 2022 Traffic Class : Other Downloadable Filter Name : pica-dacl-mab (active) ============================================================ admin@Xorplus# run show dot1x interface gigabit-ethernet ge-1/1/13 Interface ge-1/1/13: ============================================================ Client MAC : 08:9e:01:9e:cc:fe Status : authorized Success Auth Method : MAB Dynamic VLAN ID : 200 (active) ============================================================ admin@Xorplus# run show dot1x interface gigabit-ethernet ge-1/1/14 Interface ge-1/1/14: ============================================================ Client MAC : 00:00:00:22:55:56 Status : authorized Success Auth Method : MAB Dynamic VLAN ID : 200 (active) Downloadable Filter Name : f1 ============================================================ admin@Xorplus# run show dot1x interface gigabit-ethernet ge-1/1/15 Interface ge-1/1/15: ============================================================ Client MAC : 00:00:00:22:55:56 Status : authorized Success Auth Method : MAB Dynamic VLAN ID : 200 (active) Dynamic Filter Name : f2(active) ============================================================
- Run run show dot1x interface command to view the brief NAC information on all the NAC enabled interfaces.
admin@Xorplus# run show dot1x interface Interface 802.1x MAC-RADIUS WEB HOST-MODE Session-Timeout CLIENT-MAC CLIENT-STATUS --------------------------------------------------------------------------------------------------------------------------- ge-1/1/1 disable enable disable single(0) 0 00:11:22:33:44:55 unauthorized ge-1/1/3 disable enable enable multiple(1) 0
Table 1. Description of the run show dot1x interface command output
Item | Description |
Client MAC | Indicates the MAC address of the clients connected to the interface. |
Status | Indicates the authentication status of the client. The value could be unauthorized or authorized. |
Success Auth Method | Indicates the authentication method used when the authentication status is authorized. The value could be Dot1x or MAB. |
Redirect URL | Indicates the redirect URL delivered from the AAA server before Web authentication succeeds. |
Dynamic VLAN ID | Indicates the dynamic VLAN ID delivered from the RADIUS authentication server. The active or inactive in parentheses indicates whether the dynamic VLAN is configured on the switch. |
Downloadable Filter Name | Displays the downloadable filter name that is delivered to the client. Users can use command run show dot1x downloadable filter [<filter-name>] to display the details of downloadable filter rule. |
Dynamic Filter Name | Displays the dynamic filter name that is delivered to the client. The active or inactive in parentheses indicates whether the dynamic filter is configured on the switch. |
Interface | Indicates the physical interfaces enabled NAC. |
802.1x | Indicates whether the 802.1X authentication is enabled.
|
MAC-RADIUS | Indicates whether the MAB authentication is enabled.
|
WEB | Indicates whether the Web authentication is enabled.
|
HOST-MODE | Host mode of interface and the number of active sessions. The value could be single(N) or multiple(N), where "N" is the number of active sessions.
The default host mode is single. Note that changing host mode from CLI will cause re-authentication for all online users of the port. |
Session-Timeout | Indicates the expire timer for the authenticated session. |
CLIENT-MAC | Indicates the MAC address of the clients connected to the interface. |
CLIENT-STATUS | Indicates the authentication status of the client. The value could be unauthorized or authorized. |
Copyright © 2024 Pica8 Inc. All Rights Reserved.