multi-domain
Syntax
Hierarchy Level
Release Information
Statement introduced in Junos OS Release 18.3R1.
Description
Configure multi-domain authentication to restrict the number of authenticated data and VoIP sessions on the port. Multi-domain authentication is an extension of multiple supplicant mode for 802.1X authentication, and is designed to support VoIP and data clients on the same interface. The interface is divided into two domains; one is the data domain and the other is the voice domain.
In multiple supplicant mode, any number of VoIP or data sessions can be authenticated; the number of sessions can be restricted using MAC limiting, but there is no way to apply the limit specifically to either data or VoIP sessions. Multi-domain authentication maintains separate session counts based on the domain type.
The data device can be authenticated using 802.1X authentication or MAC RADIUS authentication. Multi-domain authentication does not enforce the order of authentication. For best results, the VoIP device should be authenticated before the data device.
You can configure the maximum number of authenticated data sessions allowed on the interface using the max-data-session statement. The number of VoIP sessions is not configurable; only one authenticated VoIP session is allowed.
If a new client attempts to authenticate on the interface after the maximum session count has been reached, the default action is to drop the packet and generate an error log message. You can also configure the action to shut down the interface. The port can be manually recovered from the down state by issuing the clear dot1x recovery-timeout command, or can recover automatically after a recovery timeout period. To configure automatic recovery, use the recovery-timeout option.
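The following Python model is an added illustration of the per-domain session accounting described above; it is not Juniper code or Junos configuration. The class and method names are hypothetical, each client's domain is supplied as input, and clearing sessions when the port shuts down is an assumption.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class MultiDomainPort:
    """Toy model of one port in multi-domain mode (hypothetical names)."""
    max_data_session: int = 1                 # page: 1..1000, default 1
    action: str = "drop-and-log"              # page: drop-and-log | shutdown
    recovery_timeout: Optional[int] = None    # page: 60..3600 s, default none
    sessions: dict = field(default_factory=dict)   # MAC -> "data" | "voice"
    log: list = field(default_factory=list)
    down_since: Optional[float] = None

    def __post_init__(self):
        if not 1 <= self.max_data_session <= 1000:
            raise ValueError("max-data-session out of range")
        if self.action not in ("drop-and-log", "shutdown"):
            raise ValueError("unknown action")
        rt = self.recovery_timeout
        if rt is not None and not 60 <= rt <= 3600:
            raise ValueError("recovery-timeout out of range")

    def clear_recovery(self):
        """Manual recovery from the down state."""
        self.down_since = None

    def authenticate(self, mac, domain, now):
        """Return accepted, dropped, shutdown or port-down for one attempt."""
        if domain not in ("data", "voice"):
            raise ValueError("domain must be data or voice")
        if self.down_since is not None:
            rt = self.recovery_timeout
            if rt is None or now - self.down_since < rt:
                return "port-down"
            self.clear_recovery()             # automatic recovery
        if mac in self.sessions:
            return "accepted"                 # already authenticated
        limit = 1 if domain == "voice" else self.max_data_session
        in_domain = sum(1 for d in self.sessions.values() if d == domain)
        if in_domain < limit:                 # counts are kept per domain
            self.sessions[mac] = domain
            return "accepted"
        if self.action == "shutdown":
            self.down_since = now
            self.sessions.clear()             # assumption: link down ends sessions
            return "shutdown"
        self.log.append(f"{domain} session limit reached, dropped {mac}")
        return "dropped"
```
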
Options
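max-data-session: Maximum number of authenticated data sessions allowed on the interface.
Range: 1 through 1,000 sessions
Default: 1
Action taken when a new client attempts to authenticate after the maximum session count has been reached.
Values: Specify one of the following:
drop-and-log—Drop the packet and generate an error syslog message.
shutdown—Shut down the interface.
Default: drop-and-log
recovery-timeout: Period after which a port in the down state recovers automatically.
Range: 60 through 3600 seconds
Default: none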
Required Privilege Level
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.