Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

server-reject-bridge-domain | server-reject-vlan

Syntax

Hierarchy Level

Description

For a device configured for 802.1X authentication, specify that when the device receives an Extensible Authentication Protocol Over LAN (EAPoL) Access-Reject message during the authentication process between the device and the RADIUS authentication server, supplicants attempting to access the LAN are granted access and moved to a specific bridge domain or VLAN. Any bridge domain, VLAN name or VLAN ID sent by a RADIUS server as part of the EAPoL Access-Reject message is ignored.

When you specify the bridge domain, VLAN ID, VLAN name, or GBP-tag, bridge domain or VLAN must already be configured on the device.

Default

None

Options

server-reject-bridge-domain bridge-domain

(MX Series only) Move the supplicant on the interface to the bridge domain specified by this name or numeric identifier.
server-reject-vlan (vlan-id | vlan-name

(MX Series in enhanced LAN mode, EX, QFX, and SRX Series only) Move the supplicant on the interface to the VLAN specified by this name or numeric identifier.
block-interval seconds

Specify the number of seconds that the 802.1X interface ignores Extensible Authentication Protocol (EAP) start messages from the client when an EAPoL block has been enabled on the 802.1X interface.

  • Range: 120 through 65,535 seconds
gbp-tag gbp-tag

Specify the GBP tag to apply when RADIUS rejects the client authentication. If you configure the gbp-tag gbp-tag and the client authenticates in server-reject vlan, then the configured gbp-tag filter is also installed for the client. You can only configure the server-reject gbp-tag gbp-tag when the server-reject-vlan vlan-id option is configured.

  • Range: 1 through 65,535

The remaining statements are explained separately. Search for a statement in CLI Explorer or click a linked statement in the Syntax section for details.

Required Privilege Level

routing—To view this statement in the configuration.routing-control—To add this statement to the configuration.

Release Information

gbp-tag gbp-tag introduced in Junos OS Release 23.4R1 for EX and QFX Series switches.

server-reject-vlan introduced in Junos OS Release 9.3 for EX Series.

block-interval introduced in Junos OS Release 11.2 for EX Series.

server-reject-vlan introduced in Junos OS Release 14.2 for MX240, MX480, and MX960 routers in enhanced LAN mode.

Related Documentation