X Features Overview - Dell PowerConnect J-EX4200-24T Software Manual

Dell PowerConnect J-Series Ethernet Switch Complete Software Guide for Junos OS

802.1X Features Overview

Supported Features Related to 802.1X Authentication
2254
Network access can be further defined using VLANs and firewall filters, which both act
as filters to separate and match groups of end devices to the areas of the LAN they
require.
802.1X features on J-EX Series Switches are:
Guest VLAN—Provides limited access to a LAN, typically just to the Internet, for
supplicants that fail 802.1X authentication.
Server-reject VLAN—Provides limited access to a LAN, typically just to the Internet, for
end devices that fail MAC RADIUS authentication.
Dynamic VLAN—Enables a supplicant, after authentication, to be a member of a VLAN
dynamically.
Private VLAN—Enables configuration of 802.1X authentication on interfaces that are
members of private VLANs (PVLANs).
Dynamic changes to a user session—Allows the switch administrator to terminate an
already authenticated session. This feature is based on support of the RADIUS
Disconnect Message defined in RFC 3576.
Support for VoIP—Supports IP telephones. If the phone is 802.1X-enabled, it is
authenticated like any other supplicant. If the phone is not 802.1X-enabled, but has
another 802.1X-compatible device connected to its data port, that device is
authenticated, and then VoIP traffic can flow to and from the phone (providing that
the interface is configured in single mode and not in single-secure mode).
NOTE: Configuring a VoIP VLAN on private VLAN (PVLAN) interfaces is
not supported.
RADIUS accounting—Sends accounting information to the RADIUS accounting server.
Accounting information is sent to the server whenever a subscriber logs in or logs out
and whenever a subscriber activates or deactivates a subscription.
Vendor Specific Attributes (VSAs)—Supports the
the RADIUS authentication server that can be used further define a supplicant's access
during the 802.1X authentication process. Centrally configuring VSAs on the
authentication server does away with the need to configure these same attributes in
the form of firewall filters on every switch in the LAN to which the supplicant may
connect to the LAN. This feature is based on RLI 4583, AAA RADIUS BRAS VSA Support.
802.1X does not replace other security technologies. 802.1X works together with port
security features, such as DHCP snooping, dynamic ARP inspection (DAI), and MAC
limiting, to guard against spoofing.
attribute on
Juniper-Switching-Filter