Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configuring 802.1X Interface Settings on MX Series Routers in Enhanced LAN Mode

Starting with Junos OS Release 14.2, IEEE 802.1X authentication provides network edge security, protecting Ethernet LANs from unauthorized user access by blocking all traffic to and from a supplicant (client) at the interface until the supplicant's credentials are presented and matched on the authentication server (a RADIUS server). When the supplicant is authenticated, the switch stops blocking access and opens the interface to the supplicant.

Note:
  • You can also specify an 802.1X exclusion list to specify supplicants can that can bypass authentication and be automatically connected to the LAN.

  • You cannot configure 802.1X user authentication on interfaces that have been enabled for Q-in-Q tunneling.

  • You cannot configure 802.1X user authentication on redundant trunk groups (RTGs).

Before you begin, specify the RADIUS server or servers to be used as the authentication server.

To configure 802.1X on an interface:

  1. Configure the supplicant mode as single (authenticates the first supplicant), single-secure (authenticates only one supplicant), or multiple (authenticates multiple supplicants):
  2. Enable reauthentication and specify the reauthentication interval:
  3. Configure the interface timeout value for the response from the supplicant:
  4. Configure the timeout for the interface before it resends an authentication request to the RADIUS server:
  5. Configure how long, in seconds, the interface waits before retransmitting the initial EAPOL PDUs to the supplicant:
  6. Configure the maximum number of times an EAPOL request packet is retransmitted to the supplicant before the authentication session times out:
  7. Configure the number of times the switch attempts to authenticate the port after an initial failure. The port remains in a wait state during the quiet period after the authentication attempt.
Note:

This setting specifies the number of tries before the switch puts the interface in a “HELD” state.

Change History Table

Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.

Release
Description
14.2
Starting with Junos OS Release 14.2, IEEE 802.1X authentication provides network edge security, protecting Ethernet LANs from unauthorized user access by blocking all traffic to and from a supplicant (client) at the interface until the supplicant's credentials are presented and matched on the authentication server (a RADIUS server).