Table of Contents
Advertisement
Related
Documentation
Configuring 802.1X Interface Settings (CLI Procedure)
Copyright © 2010, Juniper Networks, Inc.
Configure the IP address of the EX Series switch in the list of clients on the RADIUS
6.
server. For specifics on configuring the RADIUS server, consult the documentation for
your server.
Configuring 802.1X Interface Settings (CLI Procedure) on page 2829
Configuring 802.1X Authentication (J-Web Procedure) on page 2830
Configuring MAC RADIUS Authentication (CLI Procedure) on page 2833
Configuring 802.1X RADIUS Accounting (CLI Procedure) on page 2837
IEEE 802.1X authentication provides network edge security, protecting Ethernet LANs
from unauthorized user access by blocking all traffic to and from a supplicant (client) at
the interface until the supplicant's credentials are presented and matched on the
authentication server (a RADIUS server). When the supplicant is authenticated, the switch
stops blocking access and opens the interface to the supplicant.
NOTE: You can also specify an 802.1X exclusion list to specify supplicants
can that can bypass authentication and be automatically connected to the
LAN. See "Configuring Static MAC Bypass of Authentication (CLI Procedure)"
on page 2832.
Before you begin, specify the RADIUS server or servers to be used as the authentication
server. See "Specifying RADIUS Server Connections on an EX Series Switch (CLI
Procedure)" on page 2828.
To configure 802.1X on an interface:
Configure the supplicant mode as
1.
single-secure
(authenticates only one supplicant), or
supplicants):
[edit protocols dot1x]
user@switch# set authenticator interface ge-0/0/5 supplicant multiple
Enable reauthentication and specify the reauthentication interval:
2.
[edit protocols dot1x]
user@switch# set authenticator interface ge-0/0/5/0 reauthentication interval 5
Configure the interface timeout value for the response from the supplicant:
3.
[edit protocols dot1x]
user@switch# set authenticator interface ge-0/0/5 supplicant-timeout 5
Configure the timeout for the interface before it resends an authentication request to
4.
the RADIUS server:
[edit protocols dot1x]
user@switch# set authenticator interface ge-0/0/5 server-timeout 5
Chapter 89: Configuring Access Control
(authenticates the first supplicant),
single
multiple
(authenticates multiple
2829
Advertisement
Chapters
Table of Contents
Troubleshooting
