CHAPTER 81
802.1X and MAC RADIUS Authentication
Overview
Security Features for EX Series Switches Overview
Copyright © 2010, Juniper Networks, Inc.
Security Features for EX Series Switches Overview on page 2523
Understanding Authentication on EX Series Switches on page 2526
802.1X for EX Series Switches Overview on page 2531
Authentication Process Flow for EX Series Switches on page 2533
Understanding Server Fail Fallback and Authentication on EX Series
Switches on page 2536
Understanding Dynamic VLANs for 802.1X on EX Series Switches on page 2537
Understanding Guest VLANs for 802.1X on EX Series Switches on page 2538
Understanding 802.1X and RADIUS Accounting on EX Series Switches on page 2539
Understanding 802.1X and LLDP and LLDP-MED on EX Series Switches on page 2540
Understanding 802.1X and VoIP on EX Series Switches on page 2542
Understanding 802.1X and VSAs on EX Series Switches on page 2544
Juniper Networks Junos operating system (Junos OS) is a network operating system that
has been hardened through the separation of control forwarding and services planes,
with each function running in protected memory. The control-plane CPU is protected by
rate limiting, routing policy, and firewall filters to ensure switch uptime even under severe
attack. In addition, the switches fully integrate with the Juniper Networks Unified Access
Control (UAC) product to provide both standards-based 802.1X port-level access and
Layer 2 through Layer 4 policy enforcement based on user identity. Access port security
features such as dynamic Address Resolution Protocol (ARP) inspection, DHCP snooping,
and MAC limiting are controlled through a single Junos OS CLI command.
Juniper Networks EX Series Ethernet Switches provide the following hardware and
software security features:
Console Port—Allows use of the console port to connect to the Routing Engine through
an RJ-45 cable. You then use the command-line interface (CLI) to configure the switch.
2523