[Prev][Next][Report an Error]

Configuring Authentication Features (J-Web)

To configure 802.1X settings using the J-Web interface:

  1. From the Configure menu, select Security > 802.1X.

    The 802.1X screen displays a list of interfaces, whether 802.1X security has been enabled, and the assigned port role.

    When you select a particular interface, the Details section displays 802.1X details for the selected interface.

    Note: After you make changes to the configuration, click OK to check your configuration and save it as a candidate configuration, then click Commit Options>Commit.

  2. Click one:

Table 222: RADIUS Server Settings



Your Action

IP Address

Specifies the IP address of the server.

Enter the IP address in dotted decimal notation.


Specifies the login password.

Enter the password.

Confirm Password

Verifies the login password for the server.

Reenter the password.

Server Port Number

Specifies the port with which the server is associated.

Type the port number.

Source Address

Specifies the source address of the SRX Series device for communicating with the server.

Type the IP address in dotted decimal notation.

Retry Attempts

Specifies the number of login retries allowed after a login failure.

Type the number.


Specifies the time interval to wait before the connection to the server is closed.

Type the interval in seconds.

Table 223: 802.1X Exclusion List



Your Action

MAC Address

Specifies the MAC address to be excluded from 802.1X authentication.

Enter the MAC address.

Exclude if connected through the port

Specifies that a supplicant can bypass authentication if it is connected through a particular interface.

Select to enable the option. Select the port through which the supplicant is connected.

Move the host to the VLAN

Moves the host to a specific VLAN once the host is authenticated.

Select to enable the option. Select the VLAN from the list.

Table 224: 802.1X Port Settings



Your Action

Supplicant Mode

Supplicant Mode

Specifies the mode to be adopted for supplicants:

  • Single—allows only one host for authentication.
  • Multiple—allows multiple hosts for authentication. Each host is checked before being admitted to the network.
  • Single authentication for multiple hosts—allows multiple hosts but only the first is authenticated.

Select the required mode.


Enable re-authentication

Specifies enabling reauthentication on the selected interface.

Select to enable reauthentication. Enter the timeout for reauthentication in seconds.

Action for nonresponsive hosts

Specifies the action to be taken in case a supplicant is non-responsive:

  • Move to the Guest VLAN—moves the supplicant to the specified Guest VLAN.
  • Deny—does not permit access to the supplicant.

Select the desired action.


Specifies timeout values for:

  • Port waiting time after an authentication failure
  • EAPOL re-transmitting interval
  • Maximum EAPOL requests
  • Maximum number of retries
  • Port timeout value for a response from the supplicant
  • Port timeout value for a response from the RADIUS server

Enter timeout values in seconds for the appropriate options.

[Prev][Next][Report an Error]