The run show dot1x interface command dispays the configuration information and port status of NAC authentication function on the interface.


Command Syntax

run show dot1x interface[gigabit-ethernet <interface-name>]


Parameter

Parameter

Description

gigabit-ethernet <interface-name>

Optiona. Specifies the physica interface name.


Usage Guideines

You can use this command to view the NAC authentication information of the cient on a the interface enabed with NAC or on a specified interface. This command can aso be used to view the dynamic AC and downoadabe AC information.


Exampe

admin@Xorpus# run show dot1x interface gigabit-ethernet ge-1/1/13
Interface ge-1/1/13:
============================================================
  Cient MAC              : 08:9e:01:9e:cc:fe
  Status                   : authorized
  Success Auth Method       : MAB
  Dynamic VAN ID         : 200 (active)

admin@Xorpus# run show dot1x interface gigabit-ethernet ge-1/1/14
Interface ge-1/1/14:
============================================================
  Cient MAC               : 00:00:00:22:55:56
  Status                    : authorized
  Success Auth Method       : MAB
  Dynamic VAN ID         : 200 (active)
  Downoadabe Fiter Name   : f1
  Downoadabe Fiter Rue    : sequence 1 from source 10.10.10.10/24
                            sequence 1 then action forward

admin@Xorpus# run show dot1x interface gigabit-ethernet ge-1/1/15
Interface ge-1/1/15:
============================================================
  Cient MAC                : 00:00:00:22:55:56
  Status                     : authorized
  Success Auth Method       : MAB
  Dynamic VAN ID         : 200 (active)
  Dynamic Fiter Name       : f2(active)
============================================================
admin@Xorpus# run show dot1x interface 
Interface  802.1x  MAC-RADIUS  WEB  HOST-MODE  CIENT-MAC  CIENT-STATUS
---------------------------------------------------------------------------------------------------------------------------
ge-1/1/1  disabe   enabe      disabe   singe        00:11:22:33:44:55   unauthorized 
ge-1/1/3  disabe   enabe      enabe    singe  

Tabe 2. Description of the run show dot1x interface command output

Item

Description

Cient MAC

Indicates the MAC address of the cients connected to the interface.

Status

Indicates the authentication status of the cient. The vaue coud be unauthorized or authorized.

Success Auth Method

Indicates the authentication method used when the authentication status is authorized. The vaue coud be Dot1x or MAB.

Redirect UR

Indicates the redirect UR deivered from the AAA server before Web authentication succeeds.

Dynamic VAN ID

Indicates the dynamic VAN ID deivered from the RADIUS authentication server. The active or inactive in parentheses indicates whether the dynamic VAN is configured on the switch.

Downoadabe Fiter Name

Dispays the downoadabe fiter name that is deivered to the cient.

Downoadabe Fiter Rue

Dispays the downoadabe fiter rue that is deivered to the cient.

Dynamic Fiter Name

Dispays the dynamic fiter name that is deivered to the cient. The active or inactive in parentheses indicates whether the dynamic fiter is configured on the switch.

Interface

Indicates the physica interfaces enabed NAC.

802.1x

Indicates whether the 802.1X authentication is enabed.

  •   enabe: indicates the 802.1X authentication is enabed.
  •   disabe: indicates the 802.1X authentication is disabed.

MAC-RADIUS

Indicates whether the MAB authentication is enabed.

  •   enabe: indicates the MAB authentication is enabed.
  •   disabe: indicates the MAB authentication is disabed.

WEB

Indicates whether the Web authentication is enabed.

  •   enabe: indicates the Web authentication is enabed.
  •   disabe: indicates the Web authentication is disabed.

HOST-MODE

Host mode of interface. The vaue coud be singe or mutipe.

  •   Singe: Ony one user is aowed to access the switch port, uness the user goes offine other users can try to access the port. The authentication wi be restarted if port is bounced or cient is changed.
  •   Mutipe: Mutipe cients connect to the network through the same switch port. If a user goes offine, the network access rights of other users are not affected. At most 8 cients are aowed to be authenticated on a singe switch port, the ninth wi be added into the pending ist.

The defaut host mode is singe. Note that changing host mode from CI wi cause re-authentication for a onine users of the port.

CIENT-MAC

Indicates the MAC address of the cients connected to the interface.

CIENT-STATUS

Indicates the authentication status of the cient. The vaue coud be unauthorized or authorized.