clear dot1x

 

Syntax

Release Information

Command introduced in Junos OS Release 9.0 for EX Series switches.

firewall option added in Junos OS Release 9.5 for EX Series switches.

Command introduced in Junos OS Release 14.2 for MX240, MX480, and MX960 routers in enhanced LAN mode.

Command introduced in Junos OS Release 14.1X53-D30 for the QFX Series.

Support for eapol-block introduced in Junos OS Releases 14.1X53-D40 and 15.1X53-D51 for EX Series switches.

Description

Reset the authentication state of an interface or delete 802.1X statistics from the switch. When you reset an interface using the interface or mac-address options, reauthentication on the interface is also triggered. The switch sends out a multicast message on the interface to restart the authentication of all connected supplicants. If a MAC address is reset, then the switch sends out a unicast message to that specific MAC address to restart authentication.

If a supplicant is sending traffic when the clear dot1x interface command is issued, the authenticator immediately initiates reauthentication. This process happens quickly, and it might seem that reauthentication did not occur. To verify that reauthentication has happened, issue the show dot1x interface detail command. The values for Reauthentication due and Reauthentication interval will be about the same.
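The verification step above can be scripted. This is an added example, not Juniper code: it parses show dot1x interface detail output and lists supplicants whose reauthentication timer is not close to its interval. The sample output is constructed, and the field labels and the 30-second tolerance are assumptions to adjust for your release.

```python
import re

# Constructed sample, not captured from a device. The field labels are
# assumptions; adjust the patterns below to what your release prints.
SAMPLE_DETAIL = """\
ge-0/0/1.0
  Role: Authenticator
  Configured Reauthentication interval: 3600 seconds
  Number of connected supplicants: 2
    Supplicant: user1, 00:04:ae:cd:23:5f
      Operational state: Authenticated
      Session Reauth interval: 3600 seconds
      Reauthentication due in 3596 seconds
    Supplicant: user2, 00:04:ae:cd:23:60
      Operational state: Authenticated
      Session Reauth interval: 3600 seconds
      Reauthentication due in 1210 seconds
"""

SUPPLICANT = re.compile(r"^\s+Supplicant:\s*([^,]+),\s*([0-9A-Fa-f:]{17})\s*$")
INTERVAL = re.compile(r"Reauth(?:entication)? interval:\s*(\d+)\s*seconds", re.I)
DUE = re.compile(r"Reauthentication due in\s*(\d+)\s*seconds", re.I)

def parse_supplicants(text):
    """Return {mac: {"user", "interval", "due"}} for each supplicant block."""
    result, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():
            current = None  # new interface header: leave the previous supplicant
        elif (m := SUPPLICANT.match(line)):
            current = result.setdefault(m[2].lower(), {"user": m[1].strip()})
        elif current is not None and (m := INTERVAL.search(line)):
            current["interval"] = int(m[1])
        elif current is not None and (m := DUE.search(line)):
            current["due"] = int(m[1])
    return result

def reauth_restarted(entry, tolerance=30):
    """True when 'due' is within `tolerance` seconds below the interval."""
    if "interval" not in entry or "due" not in entry:
        return False  # timers missing: report as unverified, not as success
    return 0 <= entry["interval"] - entry["due"] <= tolerance

def unverified(text, tolerance=30):
    """MAC addresses whose timers do not show a fresh reauthentication."""
    return sorted(mac for mac, e in parse_supplicants(text).items()
                  if not reauth_restarted(e, tolerance))

if __name__ == "__main__":
    print(unverified(SAMPLE_DETAIL))
```

Run it on output collected shortly after the clear; a supplicant it lists still has a timer well below its interval and should be checked by hand.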

Caution

When you clear the learned MAC addresses from an interface using the clear dot1x interface command, all MAC addresses are cleared, including those in the static MAC bypass list.

If you have enabled Media Access Control Security (MACsec) using static secure association key (SAK) security mode on an EX Series switch, the SAKs are rotated when the clear dot1x command is entered. The clear dot1x command has no impact on MACsec when MACsec is enabled using static connectivity association keys (CAK) or any other security mode.

Options

eapol-block: Clear the EAPOL block on the interface and allow the switch to receive EAPOL messages from a supplicant connected to that interface.
firewall <counter-name>: Clear 802.1X firewall counter statistics. If the counter-name option is specified, clear 802.1X firewall statistics for that counter.
interface <[interface-name]>: Reset the authentication state of all supplicants connected to the specified interface, which also clears all authentication-bypassed clients (when the interface is an authenticator), or reset the authentication state for the interface itself (when the interface is a supplicant).
mac-address [mac-addresses]: Reset the authentication state of the specified MAC addresses.
statistics <interface interface-name>: Clear 802.1X statistics on all 802.1X-enabled interfaces. If the interface option is specified, clear 802.1X firewall statistics for that interface or interfaces.

Required Privilege Level

view

List of Sample Output

clear dot1x firewall

clear dot1x interface (Specific Interfaces)

clear dot1x mac-address (Specific MAC Address)

clear dot1x statistics interface (Specific Interface)

clear dot1x eapol-block

Sample Output

clear dot1x firewall

user@switch> clear dot1x firewall c1

clear dot1x interface (Specific Interfaces)

user@switch> clear dot1x interface ge-1/0/0 ge-2/0/0 ge-2/0/0 ge-5/0/0

clear dot1x mac-address (Specific MAC Address)

user@switch> clear dot1x mac-address 00:04:ae:cd:23:5f

clear dot1x statistics interface (Specific Interface)

user@switch> clear dot1x statistics interface ge-1/0/1

clear dot1x eapol-block

user@switch> clear dot1x eapol-block