Supported Platforms
Related Documentation
- EX Series
- show dot1x
- Example: Configuring MAC RADIUS Authentication on an EX Series Switch
- Example: Setting Up 802.1X for Single Supplicant or Multiple Supplicant Configurations on an EX Series Switch
- Configuring MAC RADIUS Authentication (CLI Procedure)
- Configuring 802.1X Interface Settings (CLI Procedure)
- Understanding Authentication on EX Series Switches
mac-radius
Syntax
Hierarchy Level
Release Information
Statement introduced in Junos OS Release 9.3 for EX Series switches.
Option flap-on-disconnect introduced in Junos OS Release 9.4 for EX Series switches.
Description
Configure MAC RADIUS authentication for specific interfaces. MAC RADIUS authentication allows LAN access to permitted MAC addresses. When a new MAC address appears on an interface, the switch consults the RADIUS server to check whether the MAC address is a permitted address. If the MAC address is configured on the RADIUS server, the device is allowed access to the LAN.
If MAC RADIUS is configured, the switch first tries to get a response from the host for 802.1X authentication. If the host is unresponsive, the switch attempts to authenticate using MAC RADIUS.
To restrict authentication to MAC RADIUS only, use the restrict option. In restrictive mode, all 802.1X packets are eliminated and the attached device on the interface is considered a nonresponsive host.
Options
flap-on-disconnect—(Optional) When the RADIUS server sends a disconnect message to a supplicant, the switch resets the interface on which the supplicant is authenticated. If the interface is configured for multiple supplicant mode, the switch resets all the supplicants on the specified interface. This option takes effect only when the restrict option is also set.
restrict—(Optional) Restricts authentication to MAC RADIUS only. When mac-radius restrict is configured the switch drops all 802.1X packets. This option is useful when no other 802.1X authentication methods, such as guest VLAN, are needed on the interface, and eliminates the delay that occurs while the switch determines that a connected device is a non-802.1X-enabled host.
Required Privilege Level
routing—To view this statement in the
configuration.
routing-control—To add this statement
to the configuration.
Related Documentation
- EX Series
- show dot1x
- Example: Configuring MAC RADIUS Authentication on an EX Series Switch
- Example: Setting Up 802.1X for Single Supplicant or Multiple Supplicant Configurations on an EX Series Switch
- Configuring MAC RADIUS Authentication (CLI Procedure)
- Configuring 802.1X Interface Settings (CLI Procedure)
- Understanding Authentication on EX Series Switches
Published: 2012-12-06
Supported Platforms
Related Documentation
- EX Series
- show dot1x
- Example: Configuring MAC RADIUS Authentication on an EX Series Switch
- Example: Setting Up 802.1X for Single Supplicant or Multiple Supplicant Configurations on an EX Series Switch
- Configuring MAC RADIUS Authentication (CLI Procedure)
- Configuring 802.1X Interface Settings (CLI Procedure)
- Understanding Authentication on EX Series Switches
