Service-Type Attribute and Jumbo Frame Handling Overview
Service-Type Attribute support and Jumbo Frame handling are integral features that enhance network authentication and packet handling capabilities. The Service-Type Attribute enables the identification of service types requested or provided by the network access server (NAS) across different authentication modes, including MAC RADIUS, Extensible Authentication Protocol (EAP), and Captive Portal, each with specific Service-Type values such as Call Check, Framed, and Login. Jumbo Frame support extends the ability to process EAP packets with body lengths up to 4096 bytes, ensuring efficient handling of larger authentication packets. These features improve the system's robustness, providing granular service-type information and accommodating larger packet sizes, which are essential for maintaining high network performance and reliability. Additionally, supplementary functionalities like EAP packet fragmentation and enhanced memory usage management further bolster the system's capacity to handle complex authentication scenarios.
Benefits of Service-Type Attribute Support and Jumbo Frame Handling
- Enhances network authentication reliability by supporting larger EAP packets up to 4096 bytes, ensuring that complex authentication data is transmitted without loss.
- Provides detailed service-type information for various authentication modes, improving the granularity of user management and network service allocation.
- Facilitates better network performance by allowing the system to efficiently process and fragment EAP packets that exceed the configured maximum transmission unit (MTU), ensuring seamless packet handling.
- Increases the flexibility of authentication mechanisms, supporting MAC RADIUS, EAP, and Captive Portal modes, each with specific Service-Type values tailored to the service context.
- Maintains system scalability with a minor increase in memory usage, ensuring that the network can support numerous clients without significant performance degradation.
Overview
Service-Type Attribute support and Jumbo Frame handling significantly enhance your network's authentication and packet processing capabilities. The Service-Type Attribute, which indicates the service type being requested or provided by the NAS, can be used in Access-Request and Access-Accept packets. This attribute is supported for MAC RADIUS, EAP, and Captive Portal authentication modes, each with specific Service-Type values—Call Check, Framed, and Login. This allows for more precise user management and service allocation, improving overall network efficiency.
Jumbo Frame support is another critical enhancement, enabling the processing of EAP packets with a body length exceeding the traditional 1496 bytes, up to a maximum of 4096 bytes. This support ensures that larger authentication packets, which are becoming increasingly common, are handled correctly without being dropped or fragmented unnecessarily. This capability is crucial for maintaining high performance and reliability within your network, especially in environments with complex authentication requirements.
Additionally, when the received EAP packet length exceeds the configured MTU limit on the interface, the packet will be fragmented and processed accordingly. This fragmentation mechanism ensures that even the largest EAP packets are managed efficiently without loss, optimizing the authentication process. While the implementation of these features does increase memory usage slightly—by approximately 2500 bytes per session—the trade-off is minimal compared to the substantial benefits in terms of network robustness and user experience.
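The RADIUS side of what this section describes, as an added example that is not Juniper code: a parser that reads Service-Type and Framed-MTU from an Access-Request, reassembles the EAP-Message attributes, and checks the result against the 4096-byte limit. Attribute numbers come from RFC 2865 and RFC 3579; the sample packet is constructed, and applying the 4096-byte limit to the whole EAP packet is an assumption.

```python
import struct

# Attribute numbers and Service-Type values: RFC 2865 and RFC 3579.
SERVICE_TYPE, FRAMED_MTU, EAP_MESSAGE = 6, 12, 79
SERVICE_TYPE_NAMES = {1: "Login", 2: "Framed", 10: "Call Check"}
MAX_EAP_LEN = 4096  # limit from the page; assumed to count the whole EAP packet

def parse_radius(packet: bytes) -> dict:
    """Return code, Service-Type, Framed-MTU and the reassembled EAP packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    out = {"code": code, "service_type": None, "framed_mtu": None, "eap": b""}
    pos = 20
    while pos < length:
        # Reject attributes whose length byte is too small or overruns the packet.
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError(f"malformed attribute at offset {pos}")
        atype, alen = packet[pos], packet[pos + 1]
        value = packet[pos + 2:pos + alen]
        if atype in (SERVICE_TYPE, FRAMED_MTU):
            if len(value) != 4:
                raise ValueError(f"attribute {atype}: expected a 4-byte integer")
            key = "service_type" if atype == SERVICE_TYPE else "framed_mtu"
            out[key] = struct.unpack("!I", value)[0]
        elif atype == EAP_MESSAGE:
            out["eap"] += value  # one EAP packet spans several <=253-byte attributes
        pos += alen
    return out

def check_eap(eap: bytes) -> int:
    """Check the EAP length field against the data and the 4096-byte limit."""
    if len(eap) < 4 or struct.unpack("!H", eap[2:4])[0] != len(eap):
        raise ValueError("EAP length field does not match reassembled data")
    if len(eap) > MAX_EAP_LEN:
        raise ValueError("EAP packet exceeds 4096 bytes")
    return len(eap)

def _attr(atype: int, value: bytes) -> bytes:
    return bytes([atype, len(value) + 2]) + value

def build_sample(eap_len: int = 600) -> bytes:
    """Constructed Access-Request: Service-Type=Framed, Framed-MTU=1500, EAP Response."""
    eap = struct.pack("!BBH", 2, 1, eap_len) + bytes(eap_len - 4)
    attrs = _attr(SERVICE_TYPE, struct.pack("!I", 2)) + _attr(FRAMED_MTU, struct.pack("!I", 1500))
    attrs += b"".join(_attr(EAP_MESSAGE, eap[i:i + 253]) for i in range(0, len(eap), 253))
    return struct.pack("!BBH", 1, 7, 20 + len(attrs)) + bytes(16) + attrs
```

`SERVICE_TYPE_NAMES.get(result["service_type"])` turns the parsed number into the name used in this section.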
CLI Commands
Understanding and configuring these features is streamlined through specific CLI commands.
For instance, the command run show dot1x accounting-attributes provides detailed accounting attributes, including the new Service-Type field. This command aids in monitoring and troubleshooting network authentication sessions by displaying essential attributes such as NAS port, MAC address, called and calling station IDs, framed MTU, session timeout, and more.