/system/interfaces/{Interface.name}/port_access_auth_configurations

post

https://switch-ip/rest/v10.16/system/interfaces/{Interface.name}/port_access_auth_configurations

Path Params

Interface.name

string

required

Reference Resource: Port
The port name. For non-bonded ports, the port name is the same as the associated interface name. The name must otherwise be unique across all ports and interfaces of the system.

Body Params

auth_enable

boolean

Enables authentication on the port.

authentication_method

string

required

Reference Resource: Port_Access_Auth_Configuration
Authentication method specific port-access configurations on this interface.

cached_reauth_enable

boolean

Enables cached re-authentication on this port.

cached_reauth_period

int64

30 to 4294967295

Time in seconds, during which cached re-authentication is allowed on the port.

canned_eap_success_enable

boolean

Allow the switch to send a canned EAP success packet to the supplicant to indicate a successful authentication when: 1. The authentication fails due to a RADIUS server reject, but the port on which the client on-boarded has a reject-role configured. 2. The authentication fails due to a RADIUS server timeout, but the port on which the client on-boarded has a critical-role configured.

discovery_period

integer

1 to 65535

Time period(in seconds) to wait before an EAPOL request identity frame re-transmission on an 802.1X enabled port with no authenticated client. Applicable for 802.1X only.

eapol_timeout

integer

1 to 65535

Time period(in seconds) to wait for a response from a client before retransmitting an EAPOL PDU. If the value is not set the time period is calculated as per RFC 2988. Applicable for 802.1X only.

initial_auth_response_timeout

integer

1 to 300

Time period(in seconds) to wait for the first EAPoL frame from a client before deeming the client to be incapable of 802.1X and start authentication using the next configured authentication method, if any. Applicable for 802.1X only. If not set, the next configured authentication method is attempted only after the authentication cycle of the current method is complete.

is_persona

boolean

macsec_enable

boolean

Enable MACsec via EAP for 802.1X authenticator.

max_requests

integer

1 to 10

Number of EAPOL requests to supplicant before authentication fails. Applicable for 802.1X only.

max_retries

integer

1 to 10

Number of authentication attempts before authentication fails.

mka_cak_length

string

enum

The length (in bytes) of the Connectivity Association Key (CAK) to derive for EAP MACsec. 16: Generate a 16 byte CAK. 32: Generate a 32 byte CAK.

Allowed:

persona

object

quiet_period

integer

0 to 65535

Time period(in seconds) to wait before processing an authentication request from a client that failed authentication.

radius_server_group

string

RADIUS server group to use for authentication. When not set, the RADIUS server group configured for the authentication method at the system level is used.

reauth_enable

boolean

Enables periodic re-authentication on this port.

reauth_period

int64

1 to 4294967295

Time period(in seconds) to enforce periodic re-authentication of clients.

Responses

201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

415

Unsupported Media Type

500

Internal Server Error

501

Not Implemented

503

Service Unavailable

Language

Response

Click Try It! to start a request and see the response here!