Statement introduced in Junos OS Release 11.2 for EX Series switches.
Statement introduced in Junos OS Release 14.1X53-D30 for the QFX Series.
Support at the [edit protocols dot1x authenticator interface interface-name] hierarchy level introduced in Junos OS Releases 14.1X53-D40 and 15.1X53-D51 for EX Series switches.
Support for options mac-radius and captive-portal introduced in Junos OS Release 17.2R1.
Enable the switch to ignore Extensible Authentication Protocol over LAN (EAPoL)-Start messages received from a client that has been authenticated so that the switch does not trigger re-authentication. The switch typically attempts to restart the authentication procedure by contacting the authentication server when it receives an EAPoL-Start message from a client—even for authenticated clients. You can configure the eapol-block statement to help prevent unnecessary downtime that can occur when the switch waits for a response from the authentication server.
If you configure the switch to block EAPol-Start messages, when the switch receives an EAPoL-Start message from an authenticated client, the switch ignores the message and does not attempt to contact the authentication server for reauthentication. The existing authentication session that was established for the client remains open.
The EAPoL-Start messages are blocked only if the client is in the authenticated state. EAPoL-Start messages from new clients are accepted.
If the eapol-block statement is not configured, the switch attempts to contact the authentication server to authenticate the client when it receives an EAPoL-Start message.
Default: 120 seconds.
Range: 120 through 65,535 seconds.
Required Privilege Level
routing—To view this statement in the
routing-control—To add this statement to the configuration.