supplicant
Syntax
supplicant {
    interface interface-name {
        local-certificate certificate-id;
        authentication-method eap-tls;
        user-id user-id;
    }
}
Hierarchy Level
[edit protocols dot1x]
Description
Configure the interface as a supplicant for 802.1X authentication. You can configure an interface to act as both an authenticator and a supplicant on a link connecting switches or routers. This can be a switch-to-switch, switch-to-router, or router-to-router link. Configuring both roles enables the devices to authenticate each other, which is required to secure the link using MACsec in dynamic connectivity association key (CAK) mode.
MACsec in dynamic CAK mode relies on certificate-based validation using Extensible Authentication Protocol – Transport Layer Security (EAP-TLS). You must configure the supplicant interface to use EAP-TLS and assign a digital certificate to the interface.
Supplicant interfaces do not support captive portal or MAC RADIUS authentication.
Options
local-certificate certificate-id
Specify the local certificate for the supplicant interface when the local device has multiple loaded certificates.
authentication-method (eap-tls | eap-md5)
Configure the authentication method for the supplicant. To support MACsec in dynamic CAK mode, you must configure EAP-TLS authentication.
user-id user-id
Configure the user ID.
password password
Configure the password.
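The following Python check is an added example, not Juniper code: it reads a curly-brace `supplicant` stanza and flags interfaces whose options cannot support MACsec in dynamic CAK mode as described above. The interface names, certificate ID, user ID, and password in the sample are constructed.

```python
import re

# Constructed sample: the supplicant stanza under [edit protocols dot1x].
SAMPLE_CONFIG = """
supplicant {
    interface xe-0/0/1 {
        local-certificate core-link-cert;
        authentication-method eap-tls;
        user-id switch-a;
    }
    interface xe-0/0/2 {
        authentication-method eap-md5;
        user-id switch-a;
        password example-secret;
    }
    interface xe-0/0/3 {
        authentication-method eap-tls;
        user-id switch-a;
    }
}
"""

IFACE_RE = re.compile(r"interface\s+(\S+)\s*\{([^{}]*)\}")
STMT_RE = re.compile(r"([\w-]+)\s+([^;]+);")

def parse_supplicants(config_text):
    """Return {interface: {statement: value}} for the supplicant stanza."""
    m = re.search(r"supplicant\s*\{((?:[^{}]|\{[^{}]*\})*)\}", config_text)
    if not m:
        return {}
    return {name: dict(STMT_RE.findall(body))
            for name, body in IFACE_RE.findall(m.group(1))}

def audit(config_text):
    """Return (interface, finding) pairs relevant to MACsec dynamic CAK."""
    findings = []
    for name, stmts in parse_supplicants(config_text).items():
        method = stmts.get("authentication-method") or "not set"
        if method != "eap-tls":
            findings.append((name, f"authentication-method is {method}; dynamic CAK needs eap-tls"))
        elif "local-certificate" not in stmts:
            findings.append((name, "no local-certificate; needed when several certificates are loaded"))
    return findings

if __name__ == "__main__":
    for iface, finding in audit(SAMPLE_CONFIG):
        print(f"{iface}: {finding}")
```

The parser handles only the statements listed on this page and expects the configuration in curly-brace form rather than as `set` commands.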
Required Privilege Level
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 22.2R1.