Juniper JUNOS OS 10.4 - FOR EX REV 1 Manual page 2945

Applying a Port Firewall Filter from the RADIUS Server
Related
Documentation
Copyright © 2010, Juniper Networks, Inc.
You can apply a firewall filter to user policies on the RADIUS server. The RADIUS server
can then specify the firewall filters that are to be applied to each user that requests to
authenticate. Use this method when the firewall filter has more extensive conditions or
you want to use different conditions for the same filter on different switches. The firewall
filters must be configured on each switch.
For more information about firewall filters, see "Firewall Filters for EX Series Switches
Overview" on page 3225.
To apply a port firewall filter centrally from the RADIUS server:
NOTE: If port firewall filters are also configured locally for the interface, then
VSAs take precedence if they conflict with the filters. If the VSAs and the
local port firewall filters do not conflict, they are merged.
Create the firewall filter on the local switch. In this example, the filter is called
1.
Open the users file on the RADIUS server:
2.
[root@freeradius]#
cd /usr/local/pool/raddb
vi users
For each relevant user, add the filter (here, the filter ID is
3.
Filter-Id = "filter1"
NOTE: Multiple filters are not supported on a single interface. However,
you can support multiple filters for multiple users that are connected to
the switch on the same interface by configuring a single filter with policies
for each of those users.
Stop and restart the RADIUS process to activate the configuration.
4.
Example: Applying a Firewall Filter to 802.1X-Authenticated Supplicants Using RADIUS
Server Attributes on an EX Series Switch on page 2794
Example: Configuring Firewall Filters for Port, VLAN, and Router Traffic on EX Series
Switches on page 3261
Configuring 802.1X Interface Settings (CLI Procedure) on page 2829
Understanding 802.1X and VSAs on EX Series Switches on page 2764
Chapter 89: Configuring Access Control
filter1
):
filter1
.
2841