Statement introduced in Junos OS Release 11.2.
Support at the [edit protocols dot1x authenticator interface interface-name] hierarchy level introduced in Junos OS Releases 14.1X53-D40 and 15.1X53-D51 for EX Series switches.
captive-portal and mac-radius introduced in Junos OS Release 17.2R1.
Enable the device to ignore Extensible Authentication Protocol over LAN (EAPoL)-Start messages received from a client that has been authenticated so that the device does not trigger re-authentication. The device typically attempts to restart the authentication procedure by contacting the authentication server when it receives an EAPoL-Start message from a client—even for authenticated clients. You can configure the eapol-block statement to help prevent unnecessary downtime that can occur when the device waits for a response from the authentication server.
If you configure the device to block EAPoL-Start messages, when the device receives an EAPoL-Start message from an authenticated client, the device ignores the message and does not attempt to contact the authentication server for reauthentication. The existing authentication session that was established for the client remains open.
The EAPoL-Start messages are blocked only if the client is in the authenticated state. EAPoL-Start messages from new clients are accepted.
If the eapol-block statement is not configured, the device attempts to contact the authentication server to authenticate the client when it receives an EAPoL-Start message.
Default: 120 seconds.
Range: 120 through 65,535 seconds.
Required Privilege Level
routing—To view this statement in the
routing-control—To add this statement to the configuration.