[an error occurred while processing this directive] [an error occurred while processing this directive]

server-fail

Syntax

server-fail (deny | permit | use-cache | vlan-id | vlan-name);

Hierarchy Level

[edit protocols dot1x authenticator interface (all | [interface-names])]

Release Information

Statement introduced in JUNOS Release 9.3 for EX Series switches.

Description

For EX Series switches configured for 802.1X authentication, specify the server fail fallback action the switch takes when all RADIUS authentication servers are unreachable.

When you specify the action vlan-name or vlan-id, the VLAN must already be configured on the switch.

Default

Authentication is denied.

Options

deny—Force fail the supplicant authentication. No traffic will flow through the interface.

permit—Force succeed the supplicant authentication. Traffic will flow through the interface as if it were successfully authenticated by the RADIUS server.

use-cache—Force succeed the supplicant authentication only if it was previously authenticated successfully. This action ensures that already authenticated supplicants are not affected.

vlan-id—Move supplicant on the interface to the VLAN specified by this numeric identifier. This action is allowed only if it is the first supplicant connecting to the interface. If an authenticated supplicant is already connected, then the supplicant is not moved to the VLAN and is not authenticated.

vlan-name—Move supplicant on the interface to the VLAN specified by this name. This action is allowed only if it is the first supplicant connecting to an interface. If an authenticated supplicant is already connected, then the supplicant is not moved to the VLAN and is not authenticated.

Required Privilege Level

routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.


Published: 2009-07-21

[an error occurred while processing this directive]