Server-Reject-Vlan - Juniper JUNOS OS 10.3 - SOFTWARE Manual

Complete Software Guide for Junos

server-reject-vlan

Syntax
Hierarchy Level
Release Information
Description
Default
Options
Required Privilege
Level
Related
Documentation
2724
®
OS for EX Series Ethernet Switches, Release 10.3
server-reject-vlan (vlan-id | vlan-name);
[edit protocols dot1x authenticator interface (all | [interface-names])]
Statement introduced in Junos OS Release 9.3 for EX Series switches.
For EX Series switches configured for 802.1X authentication, specify that when the switch
receives an Extensible Authentication Protocol Over LAN (EAPOL) Access-Reject message
during the authentication process between the switch and the RADIUS authentication
server, supplicants attempting access to the LAN are granted access and moved to a
specific VLAN. Any VLAN name or VLAN ID sent by a RADIUS server as part of the EAPOL
Access-Reject message is ignored.
When you specify the VLAN ID or VLAN name, the VLAN must already be configured on
the switch.
None
vlan-id —Numeric identifier of the VLAN to which the supplicant is moved.
—Name of the VLAN to which the supplicant is moved.
vlan-name
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
show dot1x on page 2757
Example: Connecting a RADIUS Server for 802.1X to an EX Series Switch on page 2545
Configuring Server Fail Fallback (CLI Procedure) on page 2615
Understanding Server Fail Fallback and 802.1X Authentication on EX Series Switches
on page 2536
Copyright © 2010, Juniper Networks, Inc.