Using Radius Proxy; Using The Infranet Controller For 802.1X Network Access (Nsm Procedure) - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INFRANET CONTROLLER GUIDE REV 01 Manual
Configuring infranet controllers guide
Hide thumbs
Also See for NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INFRANET CONTROLLER GUIDE REV 01:
- Manual (444 pages) ,
- Administration manual (1026 pages) ,
- Installation manual (244 pages)
Table of Contents
Advertisement
Using RADIUS Proxy
Related
Documentation
Using the Infranet Controller for 802.1X Network Access (NSM Procedure)
Copyright © 2010, Juniper Networks, Inc.
Chapter 8: Configuring the Infranet Controller RADIUS Server and Layer 2 Access
You can configure the Infranet Controller to proxy RADIUS inner or outer authentication
to an external RADIUS server.
With RADIUS proxy, the Infranet Controller RADIUS server can forward authentication
requests from a network access device to an external RADIUS server. The proxy target
receives the request, performs the authentication, and returns the results. The Infranet
Controller RADIUS server then passes the results to the network access device.
NOTE: When RADIUS proxy is used, realm or role restrictions cannot be
enforced. Host Checker policies, source IP restrictions, and any other limits
that have been assigned are bypassed. RADIUS proxy should be used only if
no restrictions have been applied. The exception is that session limitations
can be enforced for inner proxy. With outer proxy, no session is established.
You configure RADIUS proxy at the realm level. If the authentication server for the realm
is a RADIUS server, option buttons on the page allow you to select inner proxy, outer
proxy, or do not proxy. Do not proxy is selected by default. If the authentication server is
not a RADIUS server, the proxy option buttons are hidden.
If the authentication server selected for a realm is a RADIUS server, the Proxy Outer
Authentication option button controls whether outer authentication is proxied, and the
Proxy Inner Authentication option button controls whether inner authentication is proxied.
You can also choose the Do not proxy option button if you do not want inner or outer
authentication to be proxied. In this case, the Infranet Controller handles both inner and
outer authentication. You must enable the JUAC protocol for this option.
Configuring Role Mapping Rules (NSM Procedure) on page 90
Configuring RADIUS Clients (NSM Procedure) on page 77
Using the Infranet Controller for 802.1X Network Access (NSM Procedure) on page 75
The IEEE 802.1X protocol provides authenticated access to a LAN. The Infranet Controller
RADIUS server can fulfill RADIUS authentication requests from RADIUS clients that
support 802.1X. (If you are using an external RADIUS server for authentication, you can
use the Infranet Controller RADIUS proxy feature.)
To configure the Infranet Controller as a RADIUS server for an 802.1X network access
device, perform these tasks:
Configuring Location Groups (NSM Procedure)
Configuring RADIUS Clients (NSM Procedure)
Configuring a New RADIUS Vendor (NSM Procedure)
75
Advertisement
Table of Contents
