TechLibrary

Navigation

Table of Contents

Guide That Contains This Content

[+] Expand All

[-] Collapse All

server-reject-vlan

Syntax

server-reject-vlan (vlan-id | vlan-name) { eapol-block; block-interval block-interval;}

Hierarchy Level

[edit protocols dot1x authenticator interface (all | [interface-names])]

Release Information

Statement introduced in Junos OS Release 9.3 for EX Series switches.

Description

For EX Series switches configured for 802.1X authentication, specify that when the switch receives an Extensible Authentication Protocol Over LAN (EAPoL) Access-Reject message during the authentication process between the switch and the RADIUS authentication server, supplicants attempting access to the LAN are granted access and moved to a specific VLAN. Any VLAN name or VLAN ID sent by a RADIUS server as part of the EAPoL Access-Reject message is ignored.

When you specify the VLAN ID or VLAN name, the VLAN must already be configured on the switch.

The remaining statements are explained separately.

Default

None

Options

vlan-id—Numeric identifier of the VLAN to which the supplicant is moved.

vlan-name—Name of the VLAN to which the supplicant is moved.

Required Privilege Level

routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.