static (802.1X)
Syntax
static mac-address {
bridge-domain-assignment bridge-domain-assignment;
interface [interface-names];
vlan-assignment (vlan-id |vlan-name );
}
Hierarchy Level
[edit protocols dot1x authenticator]
Description
Configure MAC addresses to exclude from 802.1X authentication. The static MAC list provides an authentication bypass mechanism for supplicants connecting to a port, permitting devices such as printers that are not 802.1X-enabled to be connected to the network on 802.1X-enabled ports.
Using this 802.1X authentication-bypass mechanism, the supplicant connected to the MAC address is assumed to be successfully authenticated and the port is opened for it. No further authentication is done for the supplicant.
You can optionally configure the VLAN so that the supplicant is moved to or the interfaces on which the MAC address can gain access from.
Options
| mac-address | The MAC address of the device for which 802.1X authentication should be bypassed and the device permitted access to the port. |
| bridge-domain-assignment bridge-domain-assignment | (MX Series only) Specify the bridge-domain name or 802.1q tag identifier for the MAC address that should be allowed to bypass RADIUS authentication. |
| interface [interface-names] | Specify a list of interfaces on which the specified MAC addresses are allowed to bypass RADIUS authentication and allowed to connect to the LAN without authentication. |
| vlan-assignment (vlan-id | vlan-name | (EX, QFX, and SRX Series only) Specify the VLAN 802.1q tag identifier or VLAN name associated with the list of MAC addresses that should be allowed to bypass RADIUS authentication. |
Required Privilege Level
routing—To view this statement in the configuration.routing-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 9.0.