dot1x
Syntax
dot1x {
authenticator {
authentication-profile-name access-profile-name;
interface (all | [ interface-names ]) {
authentication-order (captive-portal | dot1x | mac-radius);
disable;
guest-bridge-domain guest-bridge-domain;
guest-vlan guest-vlan;
ignore-port-bounce;
mac-radius {
authentication-protocol {
eap-md5;
eap-peap {
resume;
}
pap;
}
flap-on-disconnect;
restrict;
}
maximum-requests number;
multi-domain {
max-data-session max-data-session;
packet-action (drop-and-log | shutdown);
recovery-timeout seconds;
}
(no-reauthentication | reauthentication interval );
no-tagged-mac-authentication;
quiet-period seconds;
redirect-url redirect-url;
retain-mac-aged-session;
retries number;
server-fail (bridge-domain bridge-domain | deny | permit | use-cache | vlan-name vlan-name);
server-fail-voip (deny | permit | use-cache | vlan-name vlan-name);
server-reject-bridge-domain bridge-domain {
block-interval seconds;
eapol-block;
}
server-reject-vlan (vlan-id | vlan-name) {
block-interval block-interval;
eapol-block;
}
server-timeout seconds;
supplicant (single | single-secure | multiple);
supplicant-timeout seconds;
transmit-period seconds;
}
ip-mac-session-binding;
no-mac-table-binding;
radius-options {
add-interface-text-description;
use-vlan-id;
use-vlan-name;
}
static mac-address {
bridge-domain-assignment bridge-domain-assignment;
interface interface;
vlan-assignment vlan-identifier;
}
}
}
ssl-certificate-path path-name;
traceoptions {
file filename <files files> <size size> <(world-readable | no-world-readable)>;
flag (all | config-internal | dot1x-debug | dot1x-event | dot1x-ipc | eapol | esw-if | general | iccp | normal | parse | state | task | timer | vlan) {
disable;
}
}
}
Hierarchy Level
[edit logical-systems name protocols], [edit protocols]
Description
Configure IEEE 802.1X authentication for Port-Based Network Access Control. 802.1X authentication is supported on interfaces that are members of private VLANs (PVLANs).
Default
802.1X is disabled.
Options
| ssl-certificate-path path-name | Specify the file path for SSL certificates if you
are not using the default path. The default path for SSL certificates
is |
The remaining statements are explained separately. Search for a statement in CLI Explorer or click a linked statement in the Syntax section for details.
Required Privilege Level
routing—To view this statement in the configuration.routing-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 9.0.
ssl-certificate-path introduced in Junos OS Release
19.4.
ip-mac-session-binding introduced in Junos OS Release
20.2