authentication-access-control (MX Series in Enhanced LAN Mode)
Syntax
authentication-access-control {
traceoptions {
file filename <files number> <size size> <world-readable
| no-world-readable> <match regex>;
flag flag ;
}
uac-policy;
authentication-profile-name access-profile-name;
no-mac-table-binding {
interface interface-names
static mac-address
}
static mac-address {
interface interface-names;
vlan-assignment (vlan-id |vlan-name);
}
interface (all | [ interface-names ]) {
session-expiry seconds;
quiet-period seconds;
reauthentication {
interval seconds;
}
retries number;
server-timeout seconds;
supplicant (single | single-secure | multiple);
dot1x {
disable;
guest-vlan (vlan-id | vlan-name);
mac-radius {
flap-on-disconnect;
restrict;
}
maximum-requests number;
no-reauthentication;
server-fail (deny | permit | use-cache | vlan-id | vlan-name);
server-reject-vlan (vlan-id | vlan-name) {
eapol-block;
block-interval block-interval;
}
supplicant-timeout seconds;
transmit-period seconds;
}
}
}
(captive-portal | no-captive-portal);
}
Hierarchy Level
[edit protocols]
Release Information
Statement introduced in Junos OS Release 14.2 for MX240, MX480, and MX960 routers in enhanced LAN mode.
Description
Configure an authenticator for 802.1X and captive-portal authentication.
The remaining statements are explained separately. See CLI Explorer.
You cannot configure 802.1X user authentication on interfaces that have been enabled for Q-in-Q tunneling.
Default
No static MAC address or VLAN is configured.
Required Privilege Level
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.