Understanding 802.1X and VSAs on EX Series Switches

Juniper Networks EX Series Ethernet Switches support the configuration of RADIUS server
attributes specific to Juniper Networks. These attributes are known as vendor-specific
attributes (VSAs) and are described in RFC 2138, Remote Authentication Dial In User Service
(RADIUS). Through VSAs, you can configure port-filtering attributes on the RADIUS
server. VSAs are clear text fields sent from the RADIUS server to the switch as a result
of the 802.1X authentication success or failure. The 802.1X authentication prevents
unauthorized user access by blocking a supplicant at the port until the supplicant is
authenticated by the RADIUS server. The VSA attributes are interpreted by the switch
during authentication, and the switch takes appropriate actions. Implementing
port-filtering attributes with 802.1X authentication on the RADIUS server provides a
central location for controlling LAN access for supplicants.

These port-filtering attributes specific to Juniper Networks are encapsulated in a RADIUS
server VSA with the vendor ID set to the Juniper Networks ID number, 2636.
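
The encapsulation described above, as an added example that is not part of the Juniper guide: a parser that walks the attribute area of a RADIUS reply and returns the sub-attributes carried under vendor ID 2636, which also shows that the values are readable as sent. It assumes the type/length/value layout that RFC 2865 recommends for vendor-specific attributes; the vendor type 200, the filter text, and the sample bytes are constructed placeholders.

```python
import struct

JUNIPER_VENDOR_ID = 2636   # vendor ID stated on this page
VENDOR_SPECIFIC = 26       # RADIUS attribute type that carries VSAs (RFC 2865)

def parse_attributes(buf):
    """Split a type/length/value area into (type, value) pairs."""
    attrs, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = buf[pos], buf[pos + 1]
        # The length octet counts the two header octets as well as the value.
        if a_len < 2 or pos + a_len > len(buf):
            raise ValueError("bad attribute length")
        attrs.append((a_type, buf[pos + 2:pos + a_len]))
        pos += a_len
    return attrs

def juniper_vsas(buf):
    """Return (vendor_type, value) for each sub-attribute under vendor ID 2636."""
    found = []
    for a_type, value in parse_attributes(buf):
        if a_type != VENDOR_SPECIFIC or len(value) < 4:
            continue
        (vendor_id,) = struct.unpack("!I", value[:4])
        if vendor_id == JUNIPER_VENDOR_ID:
            # Sub-attributes reuse the same type/length/value layout.
            found.extend(parse_attributes(value[4:]))
    return found

def build_vsa(vendor_id, vendor_type, data):
    """Helper used only to construct the sample input below."""
    sub = bytes([vendor_type, len(data) + 2]) + data
    return bytes([VENDOR_SPECIFIC, len(sub) + 6]) + struct.pack("!I", vendor_id) + sub

# Constructed sample attribute area: a User-Name, one Juniper VSA with a
# placeholder vendor type (200) and placeholder text, and one VSA from another vendor.
SAMPLE = (
    bytes([1, 7]) + b"alice"
    + build_vsa(JUNIPER_VENDOR_ID, 200, b"constructed-filter-text")
    + build_vsa(9, 1, b"other-vendor")
)

if __name__ == "__main__":
    for vendor_type, value in juniper_vsas(SAMPLE):
        print(vendor_type, value.decode())
```
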

In addition to configuring port-filtering attributes through VSAs, you can apply a port firewall
filter that has already been configured on the switch directly to the RADIUS server. Like
port-filtering attributes, the filter is applied during the 802.1X authentication process,
and its actions are applied at the switch port. Adding a port firewall filter to a RADIUS
server eliminates the need to add the filter to multiple ports and switches. For more
information, see “Example: Applying a Firewall Filter to 802.1X-Authenticated Supplicants
Using RADIUS Server Attributes on an EX Series Switch” on page 2574.

VSAs are supported only for 802.1X single-supplicant configurations and
multiple-supplicant configurations.

Related Documentation
• Understanding Authentication on EX Series Switches on page 2526
• Example: Setting Up 802.1X for Single Supplicant or Multiple Supplicant Configurations
  on an EX Series Switch on page 2568
• Filtering 802.1X Supplicants Using RADIUS Server Attributes on page 2618
• Configuring Firewall Filters (CLI Procedure) on page 3063
• VSA Match Conditions and Actions for EX Series Switches on page 2626

Copyright © 2010, Juniper Networks, Inc.
Complete Software Guide for Junos® OS for EX Series Ethernet Switches, Release 10.3