- play_arrow Login Classes and Login Settings
- play_arrow User Accounts
- play_arrow Passwords for User Access
- play_arrow Trusted Platform Module
- play_arrow User Authentication
- play_arrow Remote Access Management
- play_arrow Configuring IEEE 802.1x Port-Based Network Access Control
- play_arrow Configuring IEEE 802.1x Port-Based Network Access Control in Enhanced LAN Mode
- 802.1X for MX Series Routers in Enhanced LAN Mode Overview
- Understanding 802.1X and LLDP and LLDP-MED on MX Series Routers in Enhanced LAN Mode
- Understanding 802.1X and RADIUS Accounting on MX Series Routers in Enhanced LAN Mode
- Understanding 802.1X and VoIP on MX Series Routers in Enhanced LAN Mode
- Understanding Guest VLANs for 802.1X on MX Series Routers in Enhanced LAN Mode
- Understanding Dynamic VLANs for 802.1X on MX Series Routers in Enhanced LAN Mode
- Understanding Server Fail Fallback and Authentication on MX Series Routers in Enhanced LAN Mode
- Configuring 802.1X RADIUS Accounting on MX Series Routers in Enhanced LAN Mode
- Configuring 802.1X Interface Settings on MX Series Routers in Enhanced LAN Mode
- Configuring LLDP-MED on MX Series Routers in Enhanced LAN Mode
- Configuring LLDP on MX Series Routers in Enhanced LAN Mode
- Configuring Server Fail Fallback on MX Series Routers in Enhanced LAN Mode
- Understanding Captive Portal Authentication on the MX Series Routers
- Understanding Authentication Session Timeout on MX Series Routers
- Authentication Process Flow for MX Series Routers in Enhanced LAN Mode
- Specifying RADIUS Server Connections on an MX Series Router in Enhanced LAN Mode
- Configuring Captive Portal Authentication on MX Series Routers in Enhanced LAN Mode
- Designing a Captive Portal Authentication Login Page on an MX Series Router
- Configuring Static MAC Bypass of Authentication on MX Series Routers in Enhanced LAN Mode
- Controlling Authentication Session Timeouts on an MX Series Router in Enhanced LAN Mode
- Configuring MAC RADIUS Authentication on MX Series Routers in Enhanced LAN Mode
- Example: Configuring MAC RADIUS Authentication on an MX Series Router
- Example: Setting Up Captive Portal Authentication on an MX Series Router
- Example: Connecting a RADIUS Server for 802.1X to an MX Series Router
- Example: Setting Up 802.1X in Conference Rooms to Provide Internet Access to Corporate Visitors on an MX Series Router
- Example: Configuring Static MAC Bypass of Authentication on an MX Series Router
- Example: Applying Firewall Filters to Multiple Supplicants on Interfaces Enabled for 802.1X or MAC RADIUS Authentication on MX Series Routers
- play_arrow Device Discovery
- play_arrow Domain Name Security
- play_arrow Permission Flags
- access
- access-control
- admin
- admin-control
- all
- clear
- configure
- control
- field
- firewall
- firewall-control
- floppy
- flow-tap
- flow-tap-control
- flow-tap-operation
- idp-profiler-operation
- interface
- interface-control
- maintenance
- network
- pgcp-session-mirroring
- pgcp-session-mirroring-control
- reset
- rollback
- routing
- routing-control
- secret
- secret-control
- security
- security-control
- shell
- snmp
- snmp-control
- system
- system-control
- trace
- trace-control
- view
- view-configuration
- play_arrow Configuration Statements and Operational Commands
Server Fail Fallback and Authentication
Configuring RADIUS Reachability to Reauthenticate Server Fail Sessions
When an authentication attempt triggers server fail fallback, the end device can
reattempt authentication after a period of time. The default time interval that
the end device must wait for reauthentication is 60 minutes. The
reauthentication time interval can be configured using the
reauthentication CLI statement.
The server might become available before the reauthentication timer expires. When the RADIUS reachability feature is enabled, it triggers reauthentication once it detects that the server is reachable, without waiting for the reauthentication timer to expire. Once a session moves to server fail fallback, the authenticator will periodically query the server by initiating authentication for that session. When the authenticator receives a response, indicating that the server is reachable, it will initiate authentication for all server fail sessions.
To enable RADIUS reachability, you must configure the query period, which determines how often the authenticator queries the server for reachability. Configure the query period using the following command:
set protocols dot1x authenticator radius-reachability query-period
The query period can not be longer than the quiet period. The quiet period is the period during which the interface remains in the wait state following a failed authentication attempt before reattempting authentication.
