- play_arrow Login Classes and Login Settings
- play_arrow User Accounts
- play_arrow Passwords for User Access
- play_arrow Trusted Platform Module
- play_arrow User Authentication
- play_arrow Remote Access Management
- play_arrow Access Control
- Access Control Authentication Methods
- Preventing Unauthorized Access to EX Series Switches Using Unattended Mode for U-Boot
- Preventing Unauthorized Access to EX Series Switches Using Unattended Mode for U-Boot
- RADIUS Server Configuration for Authentication
- RADIUS over TLS (RADSEC)
- 802.1X Authentication
- MAC RADIUS Authentication
- Service-Type Attribute and Jumbo Frame Handling Overview
- 802.1X and RADIUS Accounting
- Example: Setting Up 802.1X for Single-Supplicant or Multiple-Supplicant Configurations on an EX Series Switch
- Example: Setting Up 802.1X in Conference Rooms to Provide Internet Access to Corporate Visitors on an EX Series Switch
- Interfaces Enabled for 802.1X or MAC RADIUS Authentication
- Static MAC Bypass of 802.1X and MAC RADIUS Authentication
- Configuring PEAP for MAC RADIUS Authentication
- Captive Portal Authentication
- Flexible Authentication Order on EX Series Switches
- Server Fail Fallback and Authentication
- Authentication Session Timeout
- Central Web Authentication
- Dynamic VLAN Assignment for Colorless Ports
- VoIP on EX Series Switches
- play_arrow Configuring IEEE 802.1x Port-Based Network Access Control
- play_arrow Device Discovery
- play_arrow Domain Name Security
- play_arrow Permission Flags
- access
- access-control
- admin
- admin-control
- all
- clear
- configure
- control
- field
- firewall
- firewall-control
- floppy
- flow-tap
- flow-tap-control
- flow-tap-operation
- idp-profiler-operation
- interface
- interface-control
- maintenance
- network
- pgcp-session-mirroring
- pgcp-session-mirroring-control
- reset
- rollback
- routing
- routing-control
- secret
- secret-control
- security
- security-control
- shell
- snmp
- snmp-control
- system
- system-control
- trace
- trace-control
- view
- view-configuration
- play_arrow Configuration Statements and Operational Commands
Understanding Authentication Session Timeout on MX Series Routers
Starting with Junos OS Release 14.2, you can specify authentication session timeout values for captive portal authentication sessions and 802.1X and MAC RADIUS authentication sessions.
For captive portal authentication, the length of the session
depends on the value configured for the session-expiry statement.
The remainder of this topic pertains only to 802.1X and MAC RADIUS
authentication sessions.
For 802.1X and MAC RADIUS authentication sessions, the timeout of the session depends on the value of reauthentication interval for dot1x authentication. The authentication session might also end when the MAC table aging time expires because, unless you configure it not to, the session is removed from the authentication session table when the MAC address is removed from the Ethernet switching table.
Information about each 802.1X and MAC RADIUS authentication session—including the associated interfaces and VLANs for each MAC address that is authenticated by 802.1X authentication or MAC RADIUS authentication—is stored in the authentication session table. The authentication session table is tied to the Ethernet switching table (also called the MAC table). Each time the switch detects traffic from a MAC address, it updates the timestamp for that network node in the Ethernet switching table. A timer on the switch periodically checks the timestamp and if its value exceeds the user-configured mac-table-aging-time value, the switch removes the MAC address from the Ethernet switching table. When a MAC address ages out of the Ethernet switching table, the entry for that MAC address is also removed from the authentication database, with the result that the session ends.
You can control variables affecting timeout of authentication sessions in the following ways:
Set the authentication session timeout on all interfaces or on selected interfaces using the
reauthenticationstatement.Disassociate the authentication session table from the Ethernet switching table using the
no-mac-table-bindingstatement. This setting prevents the termination of the authentication session when the associated MAC address ages out of the Ethernet switching table.
Change History Table
Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.
