Junos OS

 View Only
last person joined: 19 hours ago 

Ask questions and share experiences about Junos OS.

How to create groups with common commands for dot1x authentication

  • 1.  How to create groups with common commands for dot1x authentication

    Posted 08-15-2023 17:07

    Hello all, 

    I have multiple configurations for dot1x with most of them having common lines with only exceptions like guest-vlan or type of supplicant. I am trying to see if there would be a way to create a group that when applied would give me the common lines and I would need to specify the exceptions. The advantage is that if I need to modify the common lines, I only need to change the group. I believe I need to have close to 10 different sets of interface to play with. Below is for 2 but not sure if bracket are matching properly.

    Thanks for your help.

    protocols {
        dot1x {
            authenticator {
                authentication-profile-name CSA;
                interface {
                    WithDot1x {
                        authentication-order [ mac-radius dot1x ];
                        supplicant multiple;
                        retries 1;
                        quiet-period 5;
                        transmit-period 5;
                        mac-radius {
                            authentication-protocol {
                                pap;
                            }
                        }
                        supplicant-timeout 5;
                        server-timeout 5;
                        guest-vlan 13;
                        server-fail use-cache;
                    }
             WithDot1x -2{
                        authentication-order [ mac-radius dot1x ];
                        supplicant single;
                        retries 1;
                        quiet-period 5;
                        transmit-period 5;
                        mac-radius {
                            authentication-protocol {
                                pap;
                            }
                        }
                        supplicant-timeout 5;
                        server-timeout 5;
                        guest-vlan 13;
                        server-fail use-cache;
                    }            

                }
            }
        }



    ------------------------------
    YVON LEDUC
    ------------------------------