interface/{interface-type}/{interface-name}/dot1x

Configures, retrieves, and modifies 802.1X authentication.

Resource URIs

URI Description
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x Configures 802.1X authentication. Supported interface type: Ethernet.
GET URIs Description
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x IEEE 802.1X port-based access control. Supported interface type: Ethernet.
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/authentication Enables dot1x on a port. Supported interface type: Ethernet.
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/port-control Allows port client to negotiate. Supported interface type: Ethernet.
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/quiet-period Configures time interval in seconds that the device remains idle between a failed authentication and a reauthentication attempt. Supported interface type: Ethernet.
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/reauthMax Sets maximum count that a port attempts 802.1x reauthentication before the port changes to the unauthorized state. Supported interface type: Ethernet.
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/max-req Sets retransmission parameter that defines the maximum number of times EAP request/challenge frames are retransmitted when EAP response/identity frame is not received from the client. Supported interface type: Ethernet.
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/reauthentication Enables reauthentication on a port. Supported interface type: Ethernet.
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/filter-strict-security Enable strict mode on a port. Supported interface type: Ethernet.
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/timeout Sets a timeout parameter. Supported interface type: Ethernet.
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/timeout/re-authperiod Sets reauthentication interval in seconds. Supported interface type: Ethernet.
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/timeout/supp-timeout Sets supplicant response timeout (default = 30). Supported interface type: Ethernet.
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/timeout/tx-period Sets transmission period in seconds (default = 30). Supported interface type: Ethernet.
PATCH URIs Payload Description
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x <dot1x><authentication>(enumeration)</authentication></dot1x> Configures IEEE 802.1X port-based access control and enables dot1x on a port. Supported interface type: Ethernet.
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x <dot1x><port-control>{enumeration}</port-control></dot1x> Allows port client to negotiate. Supported interface type: Ethernet.
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x <dot1x><quiet-period>{uint32}</quiet-period></dot1x> Configures time interval in seconds that the device remains idle between a failed authentication and a reauthentication attempt. Supported interface type: Ethernet.
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x <dot1x><reauthMax>{uint32}</reauthMax></dot1x> Sets maximum count that a port attempts 802.1x reauthentication before the port changes to the unauthorized state. Supported interface type: Ethernet.
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x <dot1x><max-req>{uint32}</max-req></dot1x> Sets retransmission parameter that defines the maximum number of times EAP request/challenge frames are retransmitted when EAP response/identity frame is not received from the client. Supported interface type: Ethernet.
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x <dot1x><reauthentication>(enumeration)</reauthentication></dot1x> Enables reauthentication on a port. Supported interface type: Ethernet.
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x <dot1x><filter-strict-security>true</filter-strict-security></dot1x> Enables strict mode on a port. Supported interface type: Ethernet.
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/timeout <timeout><re-authperiod>{dot1x-reauth-timeout-interval}</re-authperiod></timeout> Sets reauthentication interval in seconds. Supported interface type: Ethernet.
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/timeout <timeout><supp-timeout>{dot1x-supp-timeout-interval}</supp-timeout></timeout> Sets supplicant response timeout (default = 30). Supported interface type: Ethernet.
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/timeout <timeout><tx-period>{dot1x-tx-timeout-interval}</tx-period></timeout> Sets transmission period in seconds (default = 30). Supported interface type: Ethernet.
PUT URIs Payload Description
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/authentication <authentication>(enumeration)</authentication> Configures IEEE 802.1X port-based access control and enables dot1x on a port. Supported interface type: Ethernet.
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/port-control <port-control>{enumeration}</port-control> Allows port client to negotiate. Supported interface type: Ethernet.
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/quiet-period <quiet-period>{uint32}</quiet-period> Configures time interval in seconds that the device remains idle between a failed authentication and a reauthentication attempt. Supported interface type: Ethernet.
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/reauthMax <reauthMax>{uint32}</reauthMax> Sets maximum count that a port attempts 802.1x reauthentication before the port changes to the unauthorized state. Supported interface type: Ethernet.
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/max-req <max-req>{uint32}</max-req> Sets retransmission parameter that defines the maximum number of times EAP request/challenge frames are retransmitted when EAP response/identity frame is not received from the client. Supported interface type: Ethernet.
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/reauthentication <reauthentication>(enumeration)</reauthentication> Enables reauthentication on a port. Supported interface type: Ethernet.
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/filter-strict-security <filter-strict-security>(enumeration)</filter-strict-security> Enables strict mode on a port. Supported interface type: Ethernet.
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/timeout/re-authperiod <re-authperiod>{dot1x-reauth-timeout-interval}</re-authperiod> Sets reauthentication interval in seconds. Supported interface type: Ethernet.
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/timeout/supp-timeout <supp-timeout>{dot1x-supp-timeout-interval}</supp-timeout> Sets supplicant response timeout (default = 30). Supported interface type: Ethernet.
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/timeout/tx-period <tx-period>{dot1x-tx-timeout-interval}</tx-period> Sets transmission period in seconds (default = 30). Supported interface type: Ethernet.
DELETE URIs
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/authentication
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/port-control
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/quiet-period
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/reauthMax
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/max-req
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/reauthentication
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/filter-strict-security
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/timeout/re-authperiod
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/timeout/supp-timeout
<base_URI>/config/running/interface/{interface-type}/{interface-name}/dot1x/timeout/tx-period

Parameters

interface-type

Supported interface type: Ethernet only.

quiet-period

Specifies the time between failed reauthentication and reauthentication attempt. Valid values range from 1 through 65535 seconds. The default quiet period is 60 seconds.

reauthMax

Specifies the maximum number of reauthentication attempts before the port goes to the unauthorized state. Valid values range from 1 through 10. The default value is 2.

max-req
Specifies the number of EAP frame re-transmissions. The range is from 1 through 10. The default value is 2.
re-authperiod

Specifies the interval at which clients connected to 802.1X authentication enabled ports are periodically reauthenticated.

supp-timeout

Specifies the EAP response timeout for 802.1x authentication. By default, when the Extreme device relays an EAPRequest frame from the RADIUS server to the client, it expects to receive a response from the client within 30 seconds. If the client does not respond within the allotted time, the device retransmits the EAP-Request frame to the client.

tx-timeout

Specifies the EAP request retransmission interval, in seconds, with the client. By default, if the Extreme device does not receive an EAP-response/identity frame from a client, the device waits 30 seconds, then retransmits the EAPrequest/identity frame. You can optionally change the amount of time the Extreme device waits before re-transmitting the EAP-request/identity frame to the client. If the client does not send back an EAP-response/identity frame within 60 seconds, the device will transmit another EAP-request/identity frame. The tx-period is a value from 1 through 4294967295. The default is 30 seconds.

Usage Guidelines

GET, POST, PUT, PATCH, DELETE, OPTIONS, and HEAD operations are supported.

Examples

URI

The following example uses the GET option to retrieve the configuration details.

http://host:80/rest/config/running/interface/Ethernet/%221/3%22/dot1x

None 

<dot1x xmlns="urn:Extreme.com:mgmt:Extreme-dot1x" xmlns:y="http://Extreme.com/ns/rest" 
y:self="/rest/config/running/interface/Ethernet/%221/3%22/dot1x">
  <authentication>true</authentication>
  <port-control>force-unauthorized</port-control>
  <protocol-version>1</protocol-version>
  <quiet-period>3</quiet-period>
  <reauthMax>1</reauthMax>
  <max-req>6</max-req>
  <reauthentication>true</reauthentication>
  <filter-strict-security>true</filter-strict-security>
  <timeout y:self="/rest/config/running/interface/Ethernet/%221/3%22/dot1x/timeout">
    <re-authperiod>7</re-authperiod>
    <supp-timeout>8</supp-timeout>
    <tx-period>9</tx-period>
  </timeout>
</dot1x>

URI

The following example uses the PATCH option to configure dot1x.

http://host:80/rest/config/running/interface/Ethernet/%221/3%22/dot1x 

<dot1x><authentication>true</authentication></dot1x>

None

URI

The following example uses the DELETE option to remove dot1x.

http://host:80/rest/config/running/interface/Ethernet/%221/3%22/dot1x/authentication

None

None

9036681-01 Rev AA