User Authentication; Chapter 12 User Authentication; Ieee 802.1X Support Overview - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

CHAPTER 12

User Authentication

IEEE 802.1x Support Overview

Related
Documentation
Copyright © 2010, Juniper Networks, Inc.
This chapter explains the options available for using Extensible Authentication Protocol
(EAP) to provide authentication for Ethernet and wireless interfaces. It contains the
following topics:
IEEE 802.1x Support Overview on page 361
Supported EAP Types on page 362
EAP is an authentication framework that supports multiple authentication methods. EAP
typically runs directly over data link layers, such as Point-to-Point Protocol (PPP) or IEEE
802, without requiring Layer 3 addressing.
IEEE 802.1X works for port-based access control, and IKEv2 uses it as an option for
authentication. EAP functions in a security device configured in Transparent or Route
(with or without Network Address Translation enabled) mode. Network and Security
Manager (NSM) NetScreen Redundancy Protocol (NSRP) supports EAP in networks
with high availability. Log messages and SNMP support are also available.
IEEE 802.1X support is available for all platforms.
EAP functions as the authentication portion of PPP, which operates at Layer 2. EAP
authenticates a supplicant, or client, after the supplicant sends proper credentials and
the authentication server, usually a RADIUS server, defines the user-level permissions.
When you use EAP, all authentication information passes through the security device
(known as a pass-through method of EAP authentication). All user information is stored
on the authentication server.
If you use a RADIUS server for authentication that supports vendor-specific attributes
(VSAs), you can use the zone-verification feature to verify the zones in which a client is
a member.
Route Types Overview on page 295
Routing Table Entries Overview on page 305
RIP Overview on page 321
Supported EAP Types on page 362
361