Table of Contents
Advertisement
Table 388: show dot1x Output Fields (continued)
Field Name
Field Description
The 802.1X authentication method used for a supplicant:
Authentication
method
Guest VLAN
MAC Radius
The MAC address is configured as permitted on the RADIUS server, the
RADIUS server lets the switch know that the MAC address is a permitted
address, and the switch opens LAN access to the nonresponsive host on the
interface to which it is connected.
Radius
communicates this to the switch, and the switch opens LAN access on the
interface to which the supplicant is connected.
Server-fail deny
access to the LAN, preventing traffic from flowing from the supplicant through
the interface. This is the default.
Server-fail permit
still permitted access to the LAN as if the supplicant had been successfully
authenticated by the RADIUS server.
Server-fail use-cache
previously authenticated supplicants are reauthenticated, but new supplicants
are denied LAN access.
Server-fail VLAN
if the RADIUS server is unavailable to reauthenticate the supplicant. (The
VLAN must already exist on the switch.)
The VLAN to which the supplicant is connected.
Authenticated VLAN
User policy filter sent by the RADIUS server.
Dynamic filter
The configured reauthentication interval.
Session Reauth
interval
The number of seconds in which reauthentication will occur again for the
Reauthentication due
connected supplicant.
in
show dot1x interface
show dot1x interface
brief
brief
show dot1x interface
detail
Copyright © 2010, Juniper Networks, Inc.
—A supplicant is connected to the LAN through the guest VLAN.
—A nonresponsive host is authenticated based on its MAC address.
—A supplicant is configured on the RADIUS server, the RADIUS server
—If the RADIUS servers time out, all supplicants are denied
—When the RADIUS server is unavailable, a supplicant is
—If the RADIUS servers time out during reauthentication,
—A supplicant is configured to be moved to a specified VLAN
user@switch> show dot1x interface [ge-0/0/1 ge-0/0/2 ge0/0/3] brief
Interface Role
--------- ----
ge-0/0/1
Authenticator Authenticated
ge-0/0/2
Authenticator Connecting
ge-0/0/3
Supplicant
user@switch> show dot1x interface ge-0/0/16.0 detail
ge-0/0/16.0
Role: Authenticator
Administrative state: Auto
Supplicant mode: Single
Number of retries: 3
Quiet period: 60 seconds
Transmit period: 30 seconds
Chapter 92: Operational Commands for Access Control
State
MAC address
-----
------------------
00:a0:d2:18:1a:c8
Authenticating 00:a0:e5:32:97:af
-
Authenticated
00:a6:55:f2:94:ae
Level of Output
detail
detail
detail
detail
detail
2981
Advertisement
Chapters
Table of Contents
Troubleshooting
