/system/dot1x_supplicant_policies/{Dot1X_Supplicant_Policy.name}

patch

https://switch-ip/rest/v10.16/system/dot1x_supplicant_policies/{Dot1X_Supplicant_Policy.name}

Path Params

Dot1X_Supplicant_Policy.name

string

required

Reference Resource: Dot1X_Supplicant_Policy
Name of the 802.1X supplicant policy.

Body Params

canned_eap_success

boolean

Configure the switch to accept an EAP success without going through the complete authentication cycle.

discovery_timeout

integer

0 to 300

Time period (in seconds) to wait for a potential 802.1X authenticator on the other end before considering the link to be non 802.1X capable and opening the interface on the data-plane. On a timeout, the switch will not use the authentication result to determine the forwarding behavior of the interface until a link flap. If empty, the switch will wait for the 802.1X authentication cycle to complete before determining the forwarding state of the interface.

eap_identity

string

length between 1 and 64

EAP identity used for authentication. If empty, the MAC address of the interface in the form 'aabbccddeeff' is used as the identity.

eap_identity_password

string

Password associated with the EAP identity. If empty, the MAC address of the interface in the form 'aabbccddeeff' is used as the password.

eap_method

string

enum

EAP method to use for authentication. eap-tls: Transport Layer Security Protocol. eap-md5: MD5 hash function to generate hashed password.

Allowed:

eapol_force_multicast

boolean

Force the switch to send only multicast EAPoL packets irrespective of receiving unicast EAPoL packets from the authenticator.

eapol_protocol_version

integer

2 to 3

EAPoL protocol version to use in EAPoL frames transmitted by the switch.

eapol_source_mac

string

enum

The source MAC address to use in EAPoL frames. interface-mac: Use the MAC address of the interface on which the 802.1X supplicant is running. system-mac: Use the MAC address of the device on which the 802.1X supplicant is running.

Allowed:

eapol_timeout

integer

1 to 65535

Time period (in seconds) to wait for a response from an authenticator before reattempting authentication.

fail_mode

string

enum

Forwarding behavior of the interface when the 802.1X authentication fails. fail-open: Open the interface on the data-plane. fail-closed: Block the interface on the data-plane.

Allowed:

held_period

integer

0 to 65535

Time period (in seconds) to wait after a failed authentication attempt before another attempt is permitted.

macsec_policy

string

Reference Resource: MACsec_Policy
MACsec policy associated with this supplicant policy. When not set, if the interface using this supplicant policy has MACsec enabled, traffic ingressing this interface will be dropped.

max_retries

integer

1 to 5

Maximum number of authentication attempts before authentication fails.

mka_cak_length

string

enum

The length (in bytes) of the Connectivity Association Key (CAK) to derive for EAP MACsec. 16: Generate a 16 byte CAK. 32: Generate a 32 byte CAK.

Allowed:

start_mode

string

enum

Forwarding behavior of the interface when the 802.1X supplicant starts operation. start-open: Open the interface on the data-plane. start-closed: Block the interface on the data-plane.

Allowed:

Responses

204

No Content

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

415

Unsupported Media Type

500

Internal Server Error

501

Not Implemented

503

Service Unavailable

Language

Response

Click Try It! to start a request and see the response here!