• Configured users on the RADIUS authentication server (in this example, the user profiles
for Supplicant 1 and Supplicant 2 in the topology are modified on the RADIUS server).
Overview and Topology
When the 802.1X configuration on an interface is set to multiple supplicant mode, you
can apply a single port firewall filter configured through the Junos OS CLI on the EX Series
switch to any number of end devices (supplicants) on one interface by adding the filter
centrally to the RADIUS server. Only a single filter can be applied to an interface; however,
the filter can contain multiple terms for separate end devices.
For more information about firewall filters, see “Firewall Filters for EX Series Switches
Overview” on page 3001.
RADIUS server attributes are applied to end devices after the devices are successfully
authenticated using 802.1X. To authenticate an end device, the switch forwards the end
device’s credentials to the RADIUS server. The RADIUS server matches the credentials
against preconfigured information about the supplicant located in the supplicant’s user
profile on the RADIUS server. If a match is found, the RADIUS server instructs the switch
to open an interface to the end device. Traffic then flows from and to the end device on
the LAN. Additional instructions, configured in the port firewall filter and added to the end
device’s user profile through a RADIUS server attribute, further define the access that the
end device is granted. Filtering terms configured in the port firewall filter are applied to
the end device after 802.1X authentication is complete.
Figure 57 on page 2576 shows the topology used for this example. The RADIUS server is
connected to an EX4200 switch on access port ge-0/0/10. Two end devices (supplicants)
are accessing the LAN on interface ge-0/0/2. Supplicant 1 has the MAC address
00:50:8b:6f:60:3a. Supplicant 2 has the MAC address 00:50:8b:6f:60:3b.
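The arrangement described above could be configured on the switch as follows. This is an added example, not taken from the Juniper manual; the filter name filter1, the term and counter names, and the use of the standard RADIUS Filter-Id reply attribute to name the filter are assumptions.

```junos
# Added example (assumed names: filter1, supplicant1/2, counter1/2).
#
# RADIUS side (assumption): the user profiles for Supplicant 1 and
# Supplicant 2 both return the same reply attribute naming the filter:
#     Filter-Id = "filter1"

# Allow more than one authenticated end device on the access interface.
set protocols dot1x authenticator interface ge-0/0/2.0 supplicant multiple

# One port firewall filter, one term per end device, keyed on source MAC.
set firewall family ethernet-switching filter filter1 term supplicant1 from source-mac-address 00:50:8b:6f:60:3a
set firewall family ethernet-switching filter filter1 term supplicant1 then count counter1

set firewall family ethernet-switching filter filter1 term supplicant2 from source-mac-address 00:50:8b:6f:60:3b
set firewall family ethernet-switching filter filter1 term supplicant2 then count counter2

# A term with only "count" implicitly accepts the matching traffic.
# Traffic that matches no term falls through to the filter's implicit
# discard, so every end device expected on the port needs a matching term.
```

Separate counters per term make it possible to confirm that each supplicant's traffic is matching its own term after authentication.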
Copyright © 2010, Juniper Networks, Inc.
Chapter 82: Examples: Access Control Configuration