cancel
Showing results for 
Search instead for 
Did you mean: 

Can MAG replace ACS for auth network devices

SOLVED
eng_mahmood48_
Contributor

Can MAG replace ACS for auth network devices

Hi

 

Can MAG replace Cisco ACS for authenticating and authorizing network devices like routers and switches?

Also can we use it to authenticate VPN users?

 

Rgs

Mahmoud

1 ACCEPTED SOLUTION

Accepted Solutions
Raveen_
Regular Contributor

Re: Can MAG replace ACS for auth network devices

Hi,

 

We support all types of RADIUS attributes.

You could even add/Edit dictionaries to include any VSA (vendor specific attributes)

 

Regards,

Raveen

View solution in original post

11 REPLIES 11
apaul_
Regular Contributor

Re: Can MAG replace ACS for auth network devices

MAG running Access control service supports various authentication methods using a variety of authentication protocols including EAP inner and outer authentication,non tunneled web authentication without EAP,and MAC address authentication etc.

It supports in addition to EAP-TTLS and EAP-PEAP,PAP, CHAP and the CHAP family, including MS-CHAP, MS-CHAP-V2 etc.

You just need to ensure that these routers and switches are configured to use one of the supported authentication protocols.

 

Thanks

Raveen_
Regular Contributor

Re: Can MAG replace ACS for auth network devices

MAG does not support EAP-FAST, however, you can proxy the requests to Juniper SBR.

 

Regards,

Raveen

eng_mahmood48_
Contributor

Re: Can MAG replace ACS for auth network devices

so we can use MAG instead of ACS for authenticating network devices, is it the same as authenticating normal users by creating realm and roles then to create role-mapping rules?

 

also what about authorization; can we create authorization roles for the network devices, like to create a downlodable access list?

 

Rgs

Mahmoud

Raveen_
Regular Contributor

Re: Can MAG replace ACS for auth network devices

Yes your understanding is correct!

You can authorize by configuring RADIUS Return Attributes Policies
 under Admin Console-->UAC --> Network Access

 

Regards,

Raveen

 

Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudo will be a bonus thanks!

kalagesan_
Super Contributor

Re: Can MAG replace ACS for auth network devices

Hi,

Yes you can use can MAG instead of ACS for authenticating network devices, Yes you need to create roles and realms, role mapping rules for this. you can have the authentication server as local or external authentication server like active directory, LDAP etc.

 

You can also create resource access policy on the IC 

 

Regards,

kannan

eng_mahmood48_
Contributor

Re: Can MAG replace ACS for auth network devices

Hi Raveen

 

the authorization type am looking for is like;

Some users have privilege to perform certain commands, and some users have certain level of privileges (1-15).

 

so is this supported under return attributes policies?

 

Rgs

Mahmoud

Raveen_
Regular Contributor

Re: Can MAG replace ACS for auth network devices

Hi,

 

We support all types of RADIUS attributes.

You could even add/Edit dictionaries to include any VSA (vendor specific attributes)

 

Regards,

Raveen

View solution in original post

eng_mahmood48_
Contributor

Re: Can MAG replace ACS for auth network devices

Hi Raveen

 

can you provide me for a configuration example or a guide for this.

 

Rgs

Mahmoud

Raveen_
Regular Contributor

Re: Can MAG replace ACS for auth network devices

Hi Mahmoud,

 

Please refer page no 172 through 175 of UAC administration guide for more details:

 

http://www.juniper.net/techpubs/software/uac/4.2xguides/j-ic-uac-4.2-adminguide.pdf

 

Regards,

Raveen