Controlling Authentication Session Timeouts on an MX Series Router in Enhanced LAN Mode
Starting with Junos
OS Release 14.2, for 802.1X and MAC RADIUS authentication sessions,
you can specify authentication session timeout values using the reauthentication statement.
The session might also end when the MAC table aging time expires,
because the session is removed from the authentication session table
when the MAC address is removed from the Ethernet switching table.
In order to prevent the session from being removed from the authentication
session table, you must disassociate the authentication table from
the Ethernet switching table using the no-mac-table-binding statement.
Before you begin:
Specify the RADIUS server or servers to be used as the authentication server.
Configure 802.1X authentication on the router.
To configure the authentication session time on all interfaces:
[edit] user@router# set protocols authentication-access-control interface all dot1x reauthentication seconds;
To configure the authentication session time on a single interface:
[edit] user@router# set protocols authentication-access-control interface interface-name dot1x reauthentication seconds;
To disable removal of authentication sessions from the authentication session table when a MAC address ages out of the Ethernet switching table, remove the binding of the authentication table to the Ethernet switching table.
To remove the binding on all interfaces:
[edit] user@router# set protocols authentication-access-control no-mac-table-binding interface all;
To remove the binding on a single interface:
[edit] user@router# set protocols authentication-access-control no-mac-table-binding interface interface-name;
Change History Table
Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.
reauthentication statement.