Verifying 802.1X Authentication - Dell PowerConnect J-EX4200-24T Software Manual

Dell PowerConnect J-Series Ethernet Switch Complete Software Guide for Junos OS

Verifying 802.1X Authentication

Purpose
Action
Meaning
2356
Verify that supplicants are being authenticated on an interface on a J-EX Series switch
with the interface configured for 802.1X authentication, and display the method of
authentication being used.
Display detailed information about an interface configured for 802.1X (here, the interface
is ):
ge-0/0/16
user@switch> show dot1x interface ge-0/0/16.0 detail
ge-0/0/16.0
Role: Authenticator
Administrative state: Auto
Supplicant mode: Single
Number of retries: 3
Quiet period: 60 seconds
Transmit period: 30 seconds
Mac Radius: Enabled
Mac Radius Strict: Disabled
Reauthentication: Enabled Reauthentication interval: 40 seconds
Supplicant timeout: 30 seconds
Server timeout: 30 seconds
Maximum EAPOL requests: 1
Guest VLAN member: <not configured>
Number of connected supplicants: 1
Supplicant: user5, 00:30:48:8C:66:BD
Operational state: Authenticated
Authentication method: Radius
Authenticated VLAN: v200
Reauthentication due in 17 seconds
The sample output from the
is 1. The supplicant that was authenticated and is now connected
of connected supplicants
to the LAN is known as user5
00:30:48:8C:66:BD . The supplicant was authenticated by means of the 802.1X
authentication method called
method is used, the supplicant is configured on the RADIUS server, the RADIUS server
communicates this to the switch, and the switch opens LAN access on the interface to
which the supplicant is connected. The sample output also shows that the supplicant is
connected to VLAN .
v200
Other 802.1X authentication methods supported on J-EX Series switches in addition to
the RADIUS method are:
—A nonresponsive host is granted Guest-VLAN access.
Guest VLAN
—A nonresponsive host is authenticated based on its MAC address. The
MAC Radius
MAC address is configured as permitted on the RADIUS server, the RADIUS server lets
the switch know that the MAC address is a permitted address, and the switch opens
LAN access to the nonresponsive host on the interface to which it is connected.
—If the RADIUS servers time out, all supplicants are denied access to
Server-fail deny
the LAN, preventing traffic from flowing from the supplicant through the interface. This
is the default.
show dot1x interface detail
on the RADIUS server and has the MAC address
authentication. When the
Radius
command shows that the
authentication
Radius
Number