run show dot1x interface


The run show dot1x interface command displays the configuration information and port status of NAC authentication function on the interface.


Command Syntax

run show dot1x interface [gigabit-ethernet <interface-name>]


Parameter

Parameter

Description

gigabit-ethernet <interface-name>

Optional. Specifies the physical interface name. 


Usage Guidelines

You can use this command to view the NAC authentication information of the client on all the interface enabled with NAC or on a specified interface. This command can also be used to view the dynamic ACL and downloadable ACL information.



Example

  • Run run show dot1x interface gigabit-ethernet <interface-name> command to view the detailed NAC information on a specified interface.
admin@Xorplus# run show dot1x interface gigabit-ethernet ge-1/1/48
Interface ge-1/1/48:
============================================================
  Client MAC                : 00:00:00:11:11:11
  Status                    : authorized
  Success Auth Method       : MAB
  Last Success Time         : Sun Mar 20 21:08:11 2022
  Traffic Class             : Other
  Downloadable Filter Name  : pica-dacl-mab (active)
============================================================

admin@Xorplus# run show dot1x interface gigabit-ethernet ge-1/1/13
Interface ge-1/1/13:
============================================================
  Client MAC                : 08:9e:01:9e:cc:fe
  Status                    : authorized
  Success Auth Method       : MAB
  Dynamic VLAN ID           : 200 (active)
============================================================


admin@Xorplus# run show dot1x interface gigabit-ethernet ge-1/1/14
Interface ge-1/1/14:
============================================================
  Client MAC                : 00:00:00:22:55:56
  Status                    : authorized
  Success Auth Method       : MAB
  Dynamic VLAN ID           : 200 (active)
  Downloadable Filter Name  : f1
============================================================


admin@Xorplus# run show dot1x interface gigabit-ethernet ge-1/1/15
Interface ge-1/1/15:
============================================================
  Client MAC                : 00:00:00:22:55:56
  Status                    : authorized
  Success Auth Method       : MAB
  Dynamic VLAN ID           : 200 (active)
  Dynamic Filter Name       : f2(active)
============================================================
  • Run run show dot1x interface command to view the brief NAC information on all the NAC enabled interfaces.
admin@Xorplus# run show dot1x interface 
Interface  802.1x  MAC-RADIUS  WEB  HOST-MODE  Session-Timeout  CLIENT-MAC  CLIENT-STATUS
---------------------------------------------------------------------------------------------------------------------------
ge-1/1/1  disable   enable      disable   single(0)       0    00:11:22:33:44:55   unauthorized 
ge-1/1/3  disable   enable      enable    multiple(1)     0

Table 1. Description of the run show dot1x interface command output

Item

Description

Client MAC

Indicates the MAC address of the clients connected to the interface.

Status

Indicates the authentication status of the client. The value could be unauthorized or authorized.

Success Auth Method

Indicates the authentication method used when the authentication status is authorized. The value could be Dot1x or MAB.

Redirect URL

Indicates the redirect URL delivered from the AAA server before Web authentication succeeds.

Dynamic VLAN ID

Indicates the dynamic VLAN ID delivered from the RADIUS authentication server. The active or inactive in parentheses indicates whether the dynamic VLAN is configured on the switch.

Downloadable Filter Name

Displays the downloadable filter name that is delivered to the client. Users can use command run show dot1x downloadable filter [<filter-name>] to display the details of downloadable filter rule.

Dynamic Filter Name

Displays the dynamic filter name that is delivered to the client. The active or inactive in parentheses indicates whether the dynamic filter is configured on the switch.

Interface

Indicates the physical interfaces enabled NAC.

802.1x

Indicates whether the 802.1X authentication is enabled.

  • enable: indicates the 802.1X authentication is enabled.
  • disable: indicates the 802.1X authentication is disabled.

MAC-RADIUS

Indicates whether the MAB authentication is enabled.

  • enable: indicates the MAB authentication is enabled.
  • disable: indicates the MAB authentication is disabled.

WEB

Indicates whether the Web authentication is enabled.

  • enable: indicates the Web authentication is enabled.
  • disable: indicates the Web authentication is disabled.

HOST-MODE

Host mode of interface and the number of active sessions. The value could be single(N) or multiple(N), where "N" is the number of active sessions.

  • single(N): Only one user is allowed to access the switch port, unless the user goes offline other users can try to access the port. The authentication will be restarted if port is bounced or client is changed. 
  • multiple(N): Multiple clients connect to the network through the same switch port. If a user goes offline, the network access rights of other users are not affected. At most 8 clients are allowed to be authenticated on a single switch port, the ninth will be added into the pending list.

The default host mode is single. Note that changing host mode from CLI will cause re-authentication for all online users of the port.

Session-TimeoutIndicates the expire timer for the authenticated session.

CLIENT-MAC

Indicates the MAC address of the clients connected to the interface.

CLIENT-STATUS

Indicates the authentication status of the client. The value could be unauthorized or authorized.

Copyright © 2024 Pica8 Inc. All Rights Reserved.