reauthenticate (DHCP Local Server)
Statement introduced in Junos OS Release 17.4R1.
Support at the [edit ... system services dhcp-local-server dual-stack-group] hierarchy level introduced in Junos OS Release 18.1R1.
Enable DHCP client reauthentication, that is, trigger jdhcpd to request reauthentication from authd, which in turn reissues the RADIUS Access-Request for subscriber authentication. The purpose of the reauthentication is to change characteristics of the subscriber session, such as activating subscriber services or changing attributes. You can use reauthentication as an alternative to a RADIUS CoA request.
Starting in Junos OS Release 18.1R1, reauthentication can be triggered by discover and solicit messages in addition to the previously supported renew and rebind messages. The release also introduces reauthentication support for dual-stack, single-session subscribers.
You can specify that reauthentication occurs in response to all DHCP renew, rebind, discover, or solicit messages or only in response to discover and solicit messages that include a new (different) Agent Remote ID for the DHCP client.
You can use the Juniper Networks VSA, Reauthentication-On-Renew (26-206) as an alternative to the CLI configuration to enable reauthentication. The reauthenticate statement overrides the VSA when the VSA is present with a value of disable.
Reauthentication for dual-stack, single-session subscribers requires that the on-demand-address-allocation statement is configured for the dual-stack group. This is true whether you enable reauthentication with the reauthenticate statement or the Reauthenticate-On-Renew VSA (26-206).
You cannot configure both the reauthenticate statement and the remote-id-mismatch statement at the global level, [edit system services dhcp-local-server]. However, DHCP precedence rules do permit you to configure both statements when they are at different levels. For example, you can configure reauthenticate at the global level and remote-id-mismatch for DHCPv6 at the [edit system services dhcp-local-server dhcpv6] or for a specific group at the [edit system services dhcp-local-server group name] hierarchy level, and so on.
Reauthentication does not support Extensible Services Subscriber Management (essmd) services. Activation or deactivation of any such service causes the request to fail.
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.