Command introduced in Junos OS Release 9.0 for EX Series switches.
Command introduced in Junos OS Release 14.1X53-D30 for the QFX Series.
Command introduced in Junos OS Release 14.2 for MX240, MX480, and MX960 routers in enhanced LAN mode.
Display the current operational state of all ports with the list of connected users.
This command displays the list of connected supplicants received from the RADIUS authentication server regardless of the session state—that is, for both authenticated supplicants and for supplicants that attempted authentication.
Required Privilege Level
List of Sample Outputshow dot1x interface brief
show dot1x interface detail
Table 1 lists the output fields for the show dot1x command. Output fields are listed in the approximate order in which they appear.
Table 1: show dot1x Output Fields
Level of Output
Name of a port.
The MAC address of the connected supplicant on the port.
The 802.1X authentication role of the interface. When 802.1X is enabled on an interface, the role is Authenticator. As Authenticator, the interface blocks LAN access until a supplicant is authenticated through 802.1X or MAC RADIUS authentication.
The state of the port:
The username of the connected supplicant.
The administrative state of the port:
The mode for the supplicant:
The number of seconds the port waits following a failed authentication exchange with the supplicant before reattempting the authentication. The default value is 60 seconds. The range is 0 through 65,535 seconds.
The number of seconds the port waits before retransmitting the initial EAPOL PDUs to the supplicant. The default value is 30 seconds. The range is 1 through 65,535 seconds.
MAC RADIUS authentication:
MAC radius authentication protocol
MAC RADIUS authentication protocol:
MAC radius restrict
The authentication method is restricted to MAC RADIUS only. 802.1X authentication is not enabled.
The reauthentication state:
The number of seconds the port waits for a response when relaying a request from the authentication server to the supplicant before resending the request. The default value is 30 seconds. The range is 1 through 60 seconds.
The number of seconds the port waits for a reply when relaying a response from the supplicant to the authentication server before timing out. The default value is 30 seconds. The range is 1 through 60 seconds.
Maximum EAPOL requests
The maximum number of times an EAPOL request packet is retransmitted to the supplicant before the authentication session times out. The default value is 2. The range is 1 through 10.
Number of clients bypassed because of authentication
The number of non-802.1X clients granted access to the LAN by means of static MAC bypass. The following fields are displayed:
Guest VLAN member
The VLAN to which a supplicant is connected when the supplicant is authenticated using a guest VLAN. If a guest VLAN is not configured on the interface, this field displays <not configured>.
Multi domain data session count
The number of data sessions that have been authenticated on a multi-domain authentication interface.
Number of connected supplicants
The number of supplicants connected to a port.
The username and MAC address of the connected supplicant.
The authentication method used for a supplicant:
The VLAN to which the supplicant is connected.
User policy filter sent by the RADIUS server.
Session Reauth interval
The configured reauthentication interval.
Reauthentication due in
The number of seconds in which reauthentication will occur again for the connected supplicant.
Session Accounting Interim Interval
The number of seconds between interim RADIUS accounting messages.
Accounting Update due in
The number of seconds until the next interim RADIUS accounting update is due.
CWA Redirect URL
The URL used to redirect the supplicant to a central Web server for authentication.
Shows whether EAPOL block is in effect or not in effect.
show dot1x interface brief
user@switch> show dot1x interface brief
802.1X Information: Interface Role State MAC address User ge-0/0/1 Authenticator Authenticated 00:a0:d2:18:1a:c8 user1 ge-0/0/2 Authenticator Connecting ge-0/0/3 Authenticator Held 00:a6:55:f2:94:ae user3
show dot1x interface detail
user@switch> show dot1x interface ge-0/0/16.0 detail
ge-0/0/16.0 Role: Authenticator Administrative state: Auto Supplicant mode: Single Number of retries: 3 Quiet period: 60 seconds Transmit period: 30 seconds Mac Radius: Enabled Mac Radius Restrict: Disabled Mac Radius Authentication Protocol: PAP Reauthentication: Enabled Configured Reauthentication interval: 3600 seconds Supplicant timeout: 30 seconds Server timeout: 30 seconds Maximum EAPOL requests: 2 Guest VLAN member: <not configured> Number of connected supplicants: 2 Supplicant: abc, 00:30:48:8C:66:BD Operational state: Authenticated Authentication method: Radius Authenticated VLAN: v200 Session Reauth interval: 3600 seconds Reauthentication due in 3587 seconds Eapol-Block: Not In Effect Supplicant: 000303030303, 00:03:03:03:03:03 Operational state: Authenticated Backend Authentication state: Idle Authentication method: Mac Radius Authenticated VLAN: dyn_vlan2 Session Reauth interval: 3600 seconds Reauthentication due in 3587 seconds Eapol-Block: In Effect