Switches - Juniper JUNOS OS 10.3 - SOFTWARE Manual

Complete Software Guide for Junos
2534
®
OS for EX Series Ethernet Switches, Release 10.3
Figure 48: Authentication Process Flow for an EX Series Switch
The basic authentication process works like this:
Authentication is initiated by an end device sending an EAP request or a data packet.
1.
If the MAC address of the end device is in the static MAC bypass list or the
2.
authentication whitelist, the switch accepts the end device without querying the
authentication server and allows the end device to access the LAN.
If the MAC address is not in the static MAC bypass list or the authentication whitelist,
3.
the switch checks whether an
If an authenticator is not configured, the switch checks for captive portal
configuration—skip to Step 6.
If an authenticator is configured:
The switch checks whether the
a.
interface. If
mac-radius restrict
authentication—skip to Step 5. If it is configured, go on to Step 2.
The switch sends either an EAP request (if the end device initiated contact with a
b.
data packet) or an EAP response (if the end device initiated contact with an
EAPOL-start message).
If there is no response, the switch tries sending an EAP request two more times.
c.
authenticator statement is configured on the interface.
mac-radius restrict statement is configured on the
is configured, the switch does not attempt 802.1X
Copyright © 2010, Juniper Networks, Inc.