show dot1x
Syntax
-
show dot1x
- <brief | detail>
- <interface [interface-names]>
Release Information
Command introduced in JUNOS Release 9.0
for EX-series switches.
Description
Display the current operational state of all ports
with the list of connected users.
Options
none — Display information
for all authenticator ports.
brief | detail — (Optional)
Display the specified level of output.
interface interface-names — Display information for the specified
port with a list of connected supplicants.
Required Privilege Level
view
List of Sample Output
show dot1x interface brief
show dot1x interface detail
Output Fields
Table 1 lists the output fields for the show dot1x command.
Output fields are listed in the approximate order in which they appear.
Table 1: show
dot1x statistics Output Fields
|
Field Name
|
Field Description
|
Level of Output
|
|
interface
|
Name of a port.
|
All levels
|
|
MAC address
|
The MAC address of the connected
supplicant on the port.
|
All levels
|
|
Role
|
The 802.1X authentication role of the interface. When
802.1X is enabled on an interface, the role is Authenticator.
|
brief, detail
|
|
Admin-state
|
The administrative state of the port:
-
auto—Traffic is allowed through the port
based on the authentication result. (Default)
-
force-authorize—All traffic flows through
the port irrespective of the authentication result. This state is
not allowed on an interface whose VLAN membership has been set to dynamic.
-
force-unauthorize—All traffic drops on
the port irrespective of the authentication result. This state is
not allowed on an interface whose VLAN membership has been set to dynamic.
|
detail
|
|
Supplicant
|
The mode for the supplicant:
-
single—Authenticates only the first supplicant.
All other supplicants who connect later to the port are allowed full
access without any further authentication. They effectively “piggyback”
on the first supplicant’s authentication.
-
single-secure—Allows only one supplicant
to connect to the port. No other supplicant is allowed to connect
until the first supplicant logs out.
-
multiple—Allows multiple supplicants to
connect to the port. Each supplicant is authenticated individually.
|
detail
|
|
Quiet period
|
The number of seconds the port remains in the wait state
following a failed authentication exchange with the supplicant before
reattempting the authentication. The default value is 60 seconds.
The range is 0 through 65,535 seconds.
|
detail
|
|
Transmit period
|
The number of seconds the port waits before retransmitting
the initial EAPOL PDUs to the supplicant. The default value is 30
seconds. The range is 1 through 65,535 seconds.
|
detail
|
|
Reauthentication
|
The reauthentication state:
-
disable—Periodic reauthentication of the
client is disabled.
-
interval—Sets the periodic reauthentication
time interval. The default value is 3600 seconds. The range is 1 through
65,535 seconds.
|
detail
|
|
Supplicant timeout
|
The number of seconds the port waits for a response when
relaying a request from the authentication server to the supplicant
before resending the request. The default value is 30 seconds. The
range is 1 through 60 seconds.
|
detail
|
|
Server timeout
|
The number of seconds the port waits for a reply when
relaying a response from the supplicant to the authentication server
before timing out. The default value is 30 seconds. The range is 1
through 60 seconds.
|
detail
|
|
Maximum EAPOL requests
|
The maximum number of retransmission times of an EAPOL
request packet to the supplicant before the authentication session
times out. The default value is 2. The range is 1 through 10.
|
detail
|
|
Number of clients bypassed because of authentication
|
The number of non-802.1X clients granted access to the
LAN by means of static MAC bypass. The following fields are displayed:
-
Client—MAC address of the client.
-
vlan —The name of the VLAN to which the
client is connected.
|
detail
|
|
Number of connected supplicants
|
The number of supplicants connected to a port.
|
detail
|
show dot1x interface brief
user@switch> show dot1x interface [ge-0/0/1
ge-0/0/2 ge0/0/3] brief
Interface Role State MAC address
--------- ---- ----- ------------------
ge-0/0/1 Authenticator Authenticated 00:a0:d2:18:1a:c8
Authenticating 00:a0:e5:32:97:af
ge-0/0/2 Authenticator Connecting -
ge-0/0/3 Supplicant Authenticated 00:a6:55:f2:94:ae
show dot1x interface detail
user@switch> show dot1x interface ge-0/0/12.0
detail
ge-0/0/12.0
Role: Authenticator
Administrative state: Auto
Supplicant mode: Multiple
Number of retries: 5
Quiet period: 60 seconds
Transmit period: 60 seconds
Reauthentication: Enabled Reauthentication interval: 40 seconds
Supplicant timeout: 30 seconds
Server timeout: 30 seconds
Maximum EAPOL requests: 2
Guest VLAN member: v2
Number of clients bypassed because of authentication: 1
Client: 02:12:06:00:04:00 vlan: v1
Number of connected supplicants: 1
Supplicant: abc, 00:00:00:00:22:22
Operational state: Authenticated
Reauthentication due in 3588 seconds
