Table 337: Components of the Supplicant Mode Configuration Topology
Settings
Property
EX4200 switch, 24 Gigabit Ethernet ports: 8 PoE ports (
ge-0/0/0
through
ge-0/0/7
) and 16 non-PoE ports (
ge-0/0/8
through
ge-0/0/23
)
Switch hardware
ge-0/0/8
,
ge-0/0/9
, and
ge-0/0/11
Connections to Avaya phones—with integrated hub, to
connect phone and desktop PC to a single port; (requires
PoE)
To configure the administrative modes to support supplicants in different areas of the
Enterprise network:
•
Configure access port
ge-0/0/8
for single supplicant mode authentication.
•
Configure access port
ge-0/0/9
for single secure supplicant mode authentication.
•
Configure access port
ge-0/0/11
for multiple supplicant mode authentication.
Single supplicant mode authenticates only the first end device that connects to an
authenticator port. All other end devices connecting to the authenticator port after the
first has connected successfully, whether they are 802.1X-enabled or not, are permitted
free access to the port without further authentication. If the first authenticated end device
logs out, all other end devices are locked out until an end device authenticates.
Single-secure supplicant mode authenticates only one end device to connect to an
authenticator port. No other end device can connect to the authenticator port until the
first logs out.
Multiple supplicant mode authenticates multiple end devices individually on one
authenticator port. If you configure a maximum number of devices that can be connected
to a port through port security, the lesser of the configured values is used to determine
the maximum number of end devices allowed per port.
Configuration of 802.1X to Support Multiple Supplicant Modes
To configure 802.1X authentication to support multiple end devices, perform these tasks:
CLI Quick
Configuration
To quickly configure the ports with different 802.1X authentication modes, copy the
following commands and paste them into the switch terminal window:
[edit]
set protocols dot1x authenticator interface ge-0/0/8 supplicant single
set protocols dot1x authenticator interface ge-0/0/9 supplicant single-secure
set protocols dot1x authenticator interface ge-0/0/11 supplicant multiple
Step-by-Step
Procedure
Configure the administrative mode on the interfaces:
Configure the supplicant mode as single on interface
ge-0/0/8
:
1.
[edit protocols]
user@switch#
set dot1x authenticator interface ge-0/0/8 supplicant single
2.
Configure the supplicant mode as single secure on interface
ge-0/0/9
:
2571
Copyright © 2010, Juniper Networks, Inc.
Chapter 82: Examples: Access Control Configuration
Summary of Contents for JUNOS OS 10.3 - SOFTWARE
Page 325: ...CHAPTER 17 Operational Mode Commands for System Setup 229 Copyright 2010 Juniper Networks Inc ...
Page 1323: ...CHAPTER 56 Operational Mode Commands for Interfaces 1227 Copyright 2010 Juniper Networks Inc ...
Page 2841: ...CHAPTER 86 Operational Commands for 802 1X 2745 Copyright 2010 Juniper Networks Inc ...
Page 3367: ...CHAPTER 113 Operational Mode Commands for CoS 3271 Copyright 2010 Juniper Networks Inc ...
Page 3435: ...CHAPTER 120 Operational Mode Commands for PoE 3339 Copyright 2010 Juniper Networks Inc ...
Page 3529: ...CHAPTER 126 Operational Mode Commands for MPLS 3433 Copyright 2010 Juniper Networks Inc ...