clear dot1x
Syntax
clear dot1x (firewall <counter-name> | interface <[interface-name]> | mac-address [mac-addresses] | statistics <interface interface-name>)
Description
Reset the authentication state of an interface or delete 802.1X statistics from the switch. When you reset an interface using the interface or mac-address options, reauthentication on the interface is also triggered. The switch sends out a multicast message on the interface to restart the authentication of all connected supplicants. If a MAC address is reset, then the switch sends out a unicast message to that specific MAC address to restart authentication.
If a supplicant is sending traffic when the clear dot1x interface command is issued, the authenticator immediately initiates reauthentication. This process happens quickly, and it might seem that reauthentication did not occur. To verify that reauthentication has happened, issue the show dot1x interface detail command. The values for Reauthentication due and Reauthentication interval will be about the same.
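The verification described above can be scripted against captured show dot1x interface detail text. The following is an added example, not part of the Junos documentation: the sample output is constructed, and the exact field labels and the 30-second tolerance used for "about the same" are assumptions to adjust for your release.

```python
import re

# Constructed sample of `show dot1x interface detail` text captured shortly
# after `clear dot1x interface`. Field labels are assumed, not from the page.
SAMPLE = """\
ge-0/0/1.0
  Role: Authenticator
  Configured Reauthentication interval: 3600 seconds
    Supplicant: user1, 00:00:5E:00:53:01
      Operational state: Authenticated
      Reauthentication interval: 3600 seconds
      Reauthentication due in 3592 seconds
    Supplicant: user2, 00:00:5E:00:53:02
      Reauthentication interval: 3600 seconds
      Reauthentication due in 1210 seconds
"""

SUPPLICANT = re.compile(r"^\s*Supplicant:\s*[^,]+,\s*(?P<mac>[0-9A-Fa-f:]{17})\s*$")
INTERVAL = re.compile(r"Reauth(?:entication)? interval:\s*(\d+)\s*seconds", re.I)
DUE = re.compile(r"Reauthentication due(?: in)?:?\s*(\d+)\s*seconds", re.I)


def reauth_status(text, tolerance=30):
    """Map each supplicant MAC to True (timer just restarted), False
    (timer not reset), or None (timers missing, cannot decide)."""
    timers, mac = {}, None
    for line in text.splitlines():
        if line[:1].strip():      # unindented line: a new interface header
            mac = None
        m = SUPPLICANT.match(line)
        if m:
            mac = m.group("mac").lower()
            timers[mac] = {}
            continue
        if mac is None:           # interface-level settings, not per-session
            continue
        for key, rx in (("interval", INTERVAL), ("due", DUE)):
            m = rx.search(line)
            if m:
                timers[mac][key] = int(m.group(1))
    result = {}
    for mac, t in timers.items():
        complete = "interval" in t and "due" in t
        result[mac] = (0 <= t["interval"] - t["due"] <= tolerance) if complete else None
    return result


if __name__ == "__main__":
    for mac, ok in reauth_status(SAMPLE).items():
        print(mac, {True: "reauthenticated", False: "timer not reset", None: "unknown"}[ok])
```

A False or None result for a supplicant you expected to be reset is a reason to inspect that session by hand.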
When you clear the learned MAC addresses from an interface using the clear dot1x interface command, all MAC addresses are cleared, including those in the static MAC bypass list.
If you have enabled Media Access Control Security (MACsec) using static secure association key (SAK) security mode on an EX Series switch, the SAKs are rotated when the clear dot1x command is entered. The clear dot1x command has no impact on MACsec when MACsec is enabled using static connectivity association keys (CAK) or any other security mode.
Options
eapol-block | Clear EAPOL block on the interface and allow the switch to receive EAPOL messages from a supplicant connected to that interface. |
firewall <counter-name> | Clear 802.1X firewall counter statistics. If the counter-name option is specified, clear 802.1X firewall statistics for that counter. |
interface <[interface-name]> | Reset the authentication state of all the supplicants connected to the specified interface, which also clears all authentication-bypassed clients (when the interface is an authenticator), or reset the authentication state for the interface itself (when the interface is a supplicant). |
mac-address [mac-addresses] | Reset the authentication state of the specified MAC addresses. |
statistics <interface interface-name> | Clear 802.1X statistics on all 802.1X-enabled interfaces. If the interface option is specified, clear 802.1X firewall statistics for that interface or interfaces. |
Required Privilege Level
view
Sample Output
- clear dot1x firewall
- clear dot1x interface (Specific Interfaces)
- clear dot1x mac-address (Specific MAC Address)
- clear dot1x statistics interface (Specific Interface)
- clear dot1x eapol-block
clear dot1x firewall
user@switch> clear dot1x firewall c1
clear dot1x interface (Specific Interfaces)
user@switch> clear dot1x interface ge-1/0/0 ge-2/0/0 ge-2/0/0 ge-5/0/0
clear dot1x mac-address (Specific MAC Address)
user@switch> clear dot1x mac-address 00:04:ae:cd:23:5f
clear dot1x statistics interface (Specific Interface)
user@switch> clear dot1x statistics interface ge-1/0/1
clear dot1x eapol-block
user@switch> clear dot1x eapol-block
Release Information
Command introduced in Junos OS Release 9.0.
firewall option added in Junos OS Release 9.5 for EX Series switches.
Support for eapol-block introduced in Junos OS Releases 14.1X53-D40 and 15.1X53-D51 for EX Series switches.