- Download PDFs
-
mac-radius
- Related Topics
- show dot1x
- Example: Setting Up 802.1X for Nonresponsive Hosts on an EX-series Switch and a RADIUS Server
- Configuring MAC RADIUS Authentication (CLI Procedure)
- Configuring 802.1X Authentication (CLI Procedure)
- Configuring 802.1X Authentication (J-Web Procedure)
- Understanding 802.1X MAC RADIUS Authentication on EX-series Switches
mac-radius
Syntax
- mac-radius <restrict>;
Hierarchy Level
- [edit protocols dot1x authenticator interface interface-name]
Release Information
Statement introduced in JUNOS Release 9.3 for EX-series switches.
Description
Configure 802.1X MAC RADIUS authentication for specific interfaces. MAC RADIUS authentication allows LAN access to permitted MAC addresses. When a new MAC address appears on an interface, the switch consults the RADIUS server to check whether the MAC address is a permitted address. If the MAC address is configured on the RADIUS server, the device is allowed access to the LAN.
You can configure other 802.1X authentication methods on a single interface except when the optional keyword restrict is configured for MAC RADIUS. In restrictive mode, all 802.1X packets are eliminated, and the attached device on the interface is considered a nonresponsive host.
Options
-
restrict—(Optional) Eliminates the normal 90-second delay needed by the switch to determine if the device connected to an interface is a responsive host (802.1X-enabled) or a nonresponsive host.
Required Privilege Level
routing—To view this statement in the
configuration.
routing-control—To add this statement
to the configuration.