Mac-Radius - Juniper JUNOS OS 10.4 - FOR EX REV 1 Manual

Complete Software Guide for Junos

mac-radius

Syntax
Hierarchy Level
Release Information
Description
Options
Required Privilege
Level
Related
Documentation
2918
®
OS for EX Series Ethernet Switches, Release 10.4
mac-radius <flap-on-disconnect> <restrict>;
[edit protocols dot1x authenticator interface interface-name]
Statement introduced in Junos OS Release 9.3 for EX Series switches.
Option
flap-on-disconnect
Configure MAC RADIUS authentication for specific interfaces. MAC RADIUS authentication
allows LAN access to permitted MAC addresses. When a new MAC address appears on
an interface, the switch consults the RADIUS server to check whether the MAC address
is a permitted address. If the MAC address is configured on the RADIUS server, the device
is allowed access to the LAN.
If MAC RADIUS is configured, the switch first tries to get a response from the host for
802.1X authentication. If the host is unresponsive, the switch attempts to authenticate
using MAC RADIUS.
To restrict authentication to MAC RADIUS only, use the
all 802.1X packets are eliminated and the attached device on the interface is considered
a nonresponsive host.
—(Optional) When the RADIUS server sends a disconnect message
flap-on-disconnect
to a supplicant, the switch resets the interface on which the supplicant is
authenticated. If the interface is configured for multiple supplicant mode, the switch
resets all the supplicants on the specified interface. This option takes effect only
when the option is also set.
restrict
restrict —(Optional) Restricts authentication to MAC RADIUS only. When
is configured the switch drops all 802.1X packets. This option is useful when
restrict
no other 802.1X authentication methods, such as guest VLAN, are needed on the
interface, and eliminates the delay that occurs while the switch determines that a
connected device is a non-802.1X-enabled host.
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
show dot1x on page 2978
Example: Configuring MAC RADIUS Authentication on an EX Series Switch on page 2784
Example: Setting Up 802.1X for Single Supplicant or Multiple Supplicant Configurations
on an EX Series Switch on page 2788
Configuring MAC RADIUS Authentication (CLI Procedure) on page 2833
Configuring 802.1X Interface Settings (CLI Procedure) on page 2829
Understanding Authentication on EX Series Switches on page 2746
introduced in Junos OS Release 9.4 for EX Series switches.
restrict option. In restrictive mode,
mac-radius
Copyright © 2010, Juniper Networks, Inc.