Table of Contents
Advertisement
Complete Software Guide for Junos
Understanding Authentication on EX Series Switches
A Basic Authentication Topology
2526
®
OS for EX Series Ethernet Switches, Release 10.3
You can control access to your network through a Juniper Networks EX Series Ethernet
Switch using several different authentication methods—802.1X, MAC RADIUS, or captive
portal. Authentication prevents unauthorized devices and users from gaining access to
your LAN. For 802.1X and MAC RADIUS authentication, end devices must be authenticated
before they receive an IP address from a DHCP server. For captive portal authentication,
the switch allows the end devices to get an IP address and allows forwarding of DHCP,
DNS, and ARP packets.
You can allow end devices to access the network without authentication by including
the MAC address of the end device in the static MAC bypass list or, for captive portal, by
including the MAC address of the end device in the authentication whitelist.
You can configure 802.1X, MAC RADIUS, and captive portal on the same interface and
in any combination, except that you cannot configure MAC RADIUS and captive portal
on an interface without also configuring 802.1X. If you configure multiple authentication
methods on a single interface, the switch falls back to another method if the first method
is unsuccessful. For a description of the process flow when multiple authentication
methods are configured on an interface, see "Authentication Process Flow for EX Series
Switches" on page 2533.
This topic covers:
A Basic Authentication Topology on page 2526
802.1X Authentication on page 2528
MAC RADIUS Authentication on page 2528
Captive Portal Authentication on page 2529
Static MAC Bypass of Authentication on page 2530
Fallback of Authentication Methods on page 2530
Figure 47 on page 2527 illustrates a basic deployment topology for authentication on an
EX Series switch:
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Chapters
Table of Contents
Troubleshooting
