
Configure a new 802.1X authentication profile.

List of 802.1X authentication profiles.

Path Params
string
required
length ≤ 9999

Name of the 802.1X authentication profile.

Query Params
string

LOCAL - To create local objects. SHARED - To create shared objects. Default - Defaults to SHARED if not provided

string

Scope at which local object needs to be created. Mandatory if object-type = LOCAL. Should not be provided for object-type = SHARED.

string

Device function for which the local object needs to be created. Mandatory if object_type = LOCAL. Should not be provided for object_type = SHARED.

Body Params

profilebody object

int32
1 to 4094

Configures the VLAN where the port is moved after a successful
authentication.

string
length ≤ 9999

CA Certificate Name for the Client Certificate Verification.

boolean
Defaults to false

Enable cached re-authentication.

int64
1 to 4294967295

Time period (in seconds) during which cached re-authentication
is allowed. This is applicable only when cached-reauth is enabled.

boolean
Defaults to false

Allow the device to send a canned EAP success packet to the supplicant
to indicate a successful authentication when:

  1. The authentication fails due to a RADIUS server reject, but
     the interface on which the client on-boarded has a reject-role
     configured.
  2. The authentication fails due to a RADIUS server timeout, but
     the interface on which the client on-boarded has a critical-role
     configured.

boolean
Defaults to true

Check certificate common name against AAA server.

int32
1 to 32

Maximum number of clients that can be authenticated on the interface.

string
enum
Defaults to AUTO

Configure the control mode.

Allowed:
AUTHORIZED: Gives access to a device connected to the port even without a valid 802.1X credential.
AUTO: The device connected to the port must support 802.1X authentication and provide valid credentials to get network access.
UNAUTHORIZED: Denies access to a device connected to the port even with a valid 802.1X credential.

boolean
Defaults to false

Delete key cache entry when user entry is deleted.

int32
1 to 65535
Defaults to 30

Time period (in seconds) to wait before an EAPoL request
identity frame re-transmission on an 802.1X enabled interface
with no authenticated client.

boolean
Defaults to false

Enable EAPOL Logoff.

int32
1 to 10

The number of EAPOL requests to send to a supplicant
that must time out before authentication fails and
the authentication session ends.

int32
1 to 65535

Time period (in seconds) to wait for a response from a client before
retransmitting an EAPoL PDU.

boolean
Defaults to false

Enable 802.1X authentication on a port.

boolean
Defaults to false

Enable enforced cached re-authentication.

boolean
Defaults to false

Enable Suite-B 128 bit or more security level Authentication enforcement.

boolean
Defaults to false

Enable Suite-B 192 bit or more security level Authentication enforcement.

int64
500 to 1500
Defaults to 1100

Framed MTU length

int64
0 to 3
Defaults to 3

Maximum number of times station can send bad credentials

boolean
Defaults to false

Ignore EAP ID during negotiation.

boolean
Defaults to false

Ignore EAPOL-START messages after authentication.

int32
1 to 300

Time period (in seconds) to wait for the first EAPoL frame from a
client before deeming the client to be incapable of 802.1X and
start authentication using the next configured authentication
method, if any.
If not set, the next configured authentication method is attempted only
after the authentication cycle of the current method is complete.

int64
1 to 2000
Defaults to 8

Per BSSID PMKSA (Pairwise Master Key Security Association) cache interval in hours.

int64
1 to 999999999
Defaults to 300

Time period (in seconds) after which a client will be considered
removed from the port for a lack of activity.

macsec
object

Enables the switch to provision a MACsec channel
dynamically when the 802.1X client is authenticated using
an EAP method that supports mutual authentication.

int32
1 to 10
Defaults to 3

Max number of reauthentication attempts before giving up.

int32
1 to 10

Number of authentication attempts before authentication fails.
GW supported max range is 5

int64
60 to 864000
Defaults to 1800

Set the period between multicast key rotation.

boolean
Defaults to false

Enable or Disable Multicast Key Rotation.

boolean

Enable Opportunistic Key Caching (WPA2/WPA3 Only). By default, the 802.1X authentication profile enables a
cached pairwise master key (PMK) derived via a client and
an associated AP and used when the client roams to a new AP.
This allows clients faster roaming without a full 802.1X authentication.

int32
0 to 65535

Time period (in seconds) to wait before processing an authentication
request from a client that failed authentication.

boolean
Defaults to false

Enable periodic re-authentication.

int64
1 to 4294967295

Time period (in seconds) to enforce periodic re-authentication of
clients. This is applicable only when reauth is enabled.

boolean
Defaults to false

Use the termination-action attribute from the Server.

string
length ≤ 9999

Server Certificate for EAP termination.

int32
1 to 300
Defaults to 300

Time period (in seconds) to wait for a server response to an
authentication request. If there is no response within the configured
time frame, the device assumes that the authentication attempt has
timed out.

boolean
Defaults to false

Enable guest access for users with valid certificate.

string
length between 1 and 256

Assign TLS Guest role.

int32
0 to 255
Defaults to 0

Time period (in seconds) to wait before moving the interface to the
VLAN for unauthenticated clients.

int32
1 to 4094

Configures the VLAN where the port is moved with an unauthenticated
client.

int64
60 to 864000
Defaults to 900

Set the period between unicast key rotation.

boolean
Defaults to false

Enable or Disable Unicast Key Rotation.

boolean
Defaults to false

Use RADIUS Session Key as the unicast WEP key. This option is disabled by default.

boolean
Defaults to false

Use Static Key as the Unicast/Multicast WEP key. This option is disabled by default.

boolean
Defaults to true

PMK (Pairwise Master Key) identifier (WPA2/WPA3 Only).
This parameter instructs the controller to check the pairwise master key (PMK) ID
sent by the client. When this option is enabled,
the client must send a PMKID in the associate or reassociate frame to indicate that it supports OKC or PMK caching;
otherwise, full 802.1x authentication takes place.

int32
1 to 3
Defaults to 2

Set the Number of times Unicast/Multicast EAPOL Key Messages are sent to the station.

int64
40 to 128
Defaults to 128

Set the Dynamic WEP Key Size.

boolean
Defaults to false

Enable WPA-Fast-Handover.

int64
0 to 2000
Defaults to 0

Delay between WPA unicast and multicast key exchange.

int32
1 to 65535

Set the time period between each WPA/WPA2/WPA3 key exchange.

int32
1 to 65535
Defaults to 3

Set the Number of times WPA/WPA2/WPA3 Key Messages are retried.

int64
0 to 2000
Defaults to 0

Delay between EAP-Success and unicast key exchange.

int64
1024 to 1500
Defaults to 1300

XSEC MTU value.

machine-auth
object

Machine Authentication configuration.

server-parameters
object

Authentication server parameters.

dot1x-termination
object

IEEE 802.1X termination parameters.

string
length between 1 and 256

802.1X authentication profile description.

string
length between 1 and 256

Name of the 802.1X authentication profile.

Responses
