
Can MAG replace ACS for auth network devices

SOLVED
eng_mahmood48_
Contributor

Can MAG replace ACS for auth network devices

Hi

 

Can MAG replace Cisco ACS for authenticating and authorizing network devices like routers and switches?

Also can we use it to authenticate VPN users?

 

Rgs

Mahmoud


Accepted Solutions
Raveen_
Regular Contributor

Re: Can MAG replace ACS for auth network devices

Hi,

 

We support all types of RADIUS attributes.

You could even add/Edit dictionaries to include any VSA (vendor specific attributes)

 

Regards,

Raveen


11 REPLIES
apaul_
Regular Contributor

Re: Can MAG replace ACS for auth network devices

MAG running Access Control Service supports various authentication methods using a variety of authentication protocols, including EAP inner and outer authentication, non-tunneled web authentication without EAP, MAC address authentication, etc.

In addition to EAP-TTLS and EAP-PEAP, it supports PAP, CHAP and the CHAP family, including MS-CHAP, MS-CHAP-V2, etc.

You just need to ensure that these routers and switches are configured to use one of the supported authentication protocols.

 

Thanks

Raveen_
Regular Contributor

Re: Can MAG replace ACS for auth network devices

MAG does not support EAP-FAST, however, you can proxy the requests to Juniper SBR.

 

Regards,

Raveen

eng_mahmood48_
Contributor

Re: Can MAG replace ACS for auth network devices

So we can use MAG instead of ACS for authenticating network devices. Is it the same as authenticating normal users, by creating a realm and roles and then creating role-mapping rules?

Also, what about authorization: can we create authorization roles for the network devices, such as creating a downloadable access list?

 

Rgs

Mahmoud

Raveen_
Regular Contributor

Re: Can MAG replace ACS for auth network devices

Yes your understanding is correct!

You can authorize by configuring RADIUS Return Attributes Policies under Admin Console --> UAC --> Network Access

 

Regards,

Raveen

 

Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudo will be a bonus thanks!

kalagesan_
Super Contributor

Re: Can MAG replace ACS for auth network devices

Hi,

Yes, you can use MAG instead of ACS for authenticating network devices. Yes, you need to create roles, realms and role mapping rules for this. You can have the authentication server as a local or external authentication server such as Active Directory, LDAP, etc.

 

You can also create resource access policy on the IC 

 

Regards,

kannan

eng_mahmood48_
Contributor

Re: Can MAG replace ACS for auth network devices

Hi Raveen

 

The authorization type I am looking for is like:

Some users have privilege to perform certain commands, and some users have a certain level of privileges (1-15).

So is this supported under return attributes policies?

 

Rgs

Mahmoud

Raveen_
Regular Contributor

Re: Can MAG replace ACS for auth network devices

Hi,

 

We support all types of RADIUS attributes.

You could even add/Edit dictionaries to include any VSA (vendor specific attributes)

 

Regards,

Raveen
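As an added example (not from the thread or from Juniper's documentation), this shows how a privilege level can travel as a vendor-specific attribute in a RADIUS Access-Accept, and how to decode the return attributes to audit which level a policy actually grants. It assumes the Cisco IOS convention of a Cisco-AVPair VSA (vendor 9, sub-type 1) carrying `shell:priv-lvl=N`; the function names and the sample bytes are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26   # RFC 2865 attribute type that wraps every VSA
CISCO_VENDOR_ID = 9    # Cisco's IANA enterprise number
CISCO_AVPAIR = 1       # Cisco-AVPair vendor sub-type (assumed device convention)

def build_priv_vsa(level):
    """Encode 'shell:priv-lvl=N' as a Vendor-Specific return attribute."""
    if not 1 <= level <= 15:
        raise ValueError("privilege level must be 1-15")
    value = f"shell:priv-lvl={level}".encode()
    sub = struct.pack("!BB", CISCO_AVPAIR, 2 + len(value)) + value
    body = struct.pack("!I", CISCO_VENDOR_ID) + sub
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(body)) + body

def iter_attributes(data):
    """Yield (type, value) pairs, rejecting truncated or bad lengths."""
    pos = 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError("bad attribute length")
        yield atype, data[pos + 2:pos + alen]
        pos += alen

def granted_priv_levels(data):
    """Return every privilege level granted by Cisco-AVPair VSAs."""
    levels = []
    for atype, value in iter_attributes(data):
        if atype != VENDOR_SPECIFIC or len(value) < 6:
            continue
        if struct.unpack("!I", value[:4])[0] != CISCO_VENDOR_ID:
            continue
        # Vendor sub-attributes reuse the type/length/value layout.
        for sub_type, sub_val in iter_attributes(value[4:]):
            text = sub_val.decode("ascii", "replace")
            if sub_type == CISCO_AVPAIR and text.startswith("shell:priv-lvl="):
                levels.append(int(text.split("=", 1)[1]))
    return levels

# Constructed sample: attribute section of an Access-Accept holding
# Service-Type (6) = NAS-Prompt (7) followed by the privilege VSA.
SAMPLE = struct.pack("!BBI", 6, 6, 7) + build_priv_vsa(15)
```

RADIUS delivers the privilege level once, in the Access-Accept; it has no per-command authorization exchange, which on Cisco devices is a TACACS+ function.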

eng_mahmood48_
Contributor

Re: Can MAG replace ACS for auth network devices

Hi Raveen

 

Can you provide me with a configuration example or a guide for this?

 

Rgs

Mahmoud

Raveen_
Regular Contributor

Re: Can MAG replace ACS for auth network devices

Hi Mahmoud,

 

Please refer to pages 172 through 175 of the UAC administration guide for more details:

 

http://www.juniper.net/techpubs/software/uac/4.2xguides/j-ic-uac-4.2-adminguide.pdf

 

Regards,

Raveen