Switch - Juniper JUNOS OS 10.3 - SOFTWARE Manual

Requirements
Overview and Topology
Copyright © 2010, Juniper Networks, Inc.
Configuration of a Guest VLAN That Includes 802.1X Authentication on page 2557
Verification on page 2558
This example uses the following hardware and software components:
Junos OS Release 9.0 or later for EX Series switches
One EX Series switch acting as an authenticator interface access entity (PAE). The
interfaces on the authenticator PAE form a control gate that blocks all traffic to and
from supplicants until they are authenticated.
One RADIUS authentication server that supports 802.1X. The authentication server
acts as the backend database and contains credential information for hosts
(supplicants) that have permission to connect to the network.
Before you configure guest VLAN authentication, be sure you have:
Installed your EX Series switch. See Installing and Connecting an EX3200 or EX4200

Switch.

Performed the initial switch configuration. See "Connecting and Configuring an EX
Series Switch (J-Web Procedure)" on page 189.
Performed basic bridging and VLAN configuration on the switch. See "Example: Setting
Up Basic Bridging and a VLAN for an EX Series Switch" on page 1305.
As part of IEEE 802.1X Port-Based Network Access Control (PNAC), you can provide
limited network access to supplicants who do not belong to a VLAN authentication group
by configuring authentication to a guest VLAN. Typically, guest VLAN access is used to
provide Internet access to visitors to a corporate site. However, you can also use the
guest VLAN feature to provide supplicants that fail 802.1X authentication to a corporate
LAN with access to a VLAN with limited resources.
Figure 53 on page 2556 shows the conference room connected to the switch at interface
.
ge-0/0/1
Chapter 82: Examples: Access Control Configuration
2555