
Configuring 802.1X Interface Settings (CLI Procedure)

IEEE 802.1X authentication provides network edge security, protecting Ethernet LANs from unauthorized user access by blocking all traffic to and from a supplicant (client) at the interface until the supplicant's credentials are presented and matched on the authentication server (a RADIUS server). When the supplicant is authenticated, the switch stops blocking access and opens the interface to the supplicant.

Note: You can also specify an 802.1X exclusion list to specify supplicants that can bypass authentication and be automatically connected to the LAN. See Configuring Static MAC Bypass of Authentication (CLI Procedure).

Before you begin, specify the RADIUS server or servers to be used as the authentication server. See Specifying RADIUS Server Connections on an EX Series Switch (CLI Procedure).

To configure 802.1X on an interface:

  1. Configure the supplicant mode as single (authenticates the first supplicant), single-secure (authenticates only one supplicant), or multiple (authenticates multiple supplicants):

    [edit protocols dot1x]
    user@switch# set authenticator interface ge-0/0/5 supplicant multiple

  2. Enable reauthentication and specify the reauthentication interval:

    [edit protocols dot1x]
    user@switch# set authenticator interface ge-0/0/5 reauthentication interval 5

  3. Configure the interface timeout value for the response from the supplicant:

    [edit protocols dot1x]
    user@switch# set authenticator interface ge-0/0/5 supplicant-timeout 5

  4. Configure the timeout for the interface before it resends an authentication request to the RADIUS server:

    [edit protocols dot1x]
    user@switch# set authenticator interface ge-0/0/5 server-timeout 5

  5. Configure how long, in seconds, the interface waits before retransmitting the initial EAPOL PDUs to the supplicant:

    [edit protocols dot1x]
    user@switch# set authenticator interface ge-0/0/5 transmit-period 60

  6. Configure the maximum number of times an EAPOL request packet is retransmitted to the supplicant before the authentication session times out:

    [edit protocols dot1x]
    user@switch# set authenticator interface ge-0/0/5 maximum-requests 5
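
The following is an added example, not Juniper's code: a Python check that reads a configuration in flat `set` form (as produced by `show configuration | display set`) and reports ports where one of the six statements from the procedure was not applied, where the interface name is malformed, or where the mode is `single`. The sample lines, the `ge-0/0/6` port, the interface-name pattern and the reporting policy are assumptions made for illustration.

```python
import re

# Constructed sample in flat "set" form: the procedure's six statements with
# one mistyped interface name, plus a hypothetical second port in single mode.
SAMPLE = """\
set protocols dot1x authenticator interface ge-0/0/5 supplicant multiple
set protocols dot1x authenticator interface ge-0/0/5/0 reauthentication interval 5
set protocols dot1x authenticator interface ge-0/0/5 supplicant-timeout 5
set protocols dot1x authenticator interface ge-0/0/5 server-timeout 5
set protocols dot1x authenticator interface ge-0/0/5 transmit-period 60
set protocols dot1x authenticator interface ge-0/0/5 maximum-requests 5
set protocols dot1x authenticator interface ge-0/0/6 supplicant single
"""

STATEMENTS = ("supplicant", "reauthentication", "supplicant-timeout",
              "server-timeout", "transmit-period", "maximum-requests")
SET_LINE = re.compile(
    r"^set protocols dot1x authenticator interface (\S+) (\S+)\s*(.*)$")
# Assumed name form: type-fpc/pic/port with an optional .unit suffix.
PORT_NAME = re.compile(r"^[a-z]+-\d+/\d+/\d+(\.\d+)?$")

def parse(text):
    """Return {interface: {statement: value}} for dot1x authenticator lines."""
    ports = {}
    for line in text.splitlines():
        m = SET_LINE.match(line.strip())
        if m:
            ports.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
    return ports

def audit(text):
    """Return sorted (interface, finding) pairs; the policy is an assumption."""
    findings = []
    for port, opts in parse(text).items():
        if not PORT_NAME.match(port):
            findings.append((port, "unexpected interface name"))
            continue
        for stmt in STATEMENTS:
            if stmt not in opts:
                findings.append((port, "not set: " + stmt))
        if opts.get("supplicant") == "single":
            findings.append(
                (port, "single mode: only the first supplicant is authenticated"))
    return sorted(findings)

if __name__ == "__main__":
    for port, finding in audit(SAMPLE):
        print(f"{port}: {finding}")
```

A statement entered under a mistyped interface name shows up twice: once as an unexpected name and once as a missing statement on the intended port.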

Published: 2009-08-05
