cancel
Showing results for 
Search instead for 
Did you mean: 

How to deploy NAC solution?

michael.saw_
Regular Contributor

How to deploy NAC solution?

Hi all,

How do you deploy Juniper NAC Solution?

Are the below options feasible?

1. Using UAC (MAG) and Junos Pulse client

2. Using UAC (MAG), Junos Pulse client and SRX

3. Using UAC (MAG) , Junos Pulse client, SRX and SSL VPN (MAG)

4. Other combination?

Whats the main difference between L2 NAC and L3 NAC?

Do share any kb, doc links, useful case studies, if possible...

3 REPLIES 3
Raveen_
Regular Contributor

Re: How to deploy NAC solution?

Hi Michael,

Are the below options feasible?

1. Using UAC (MAG) and Junos Pulse client

<Raveen>

Yes for both L2 and L3 NAC

</Raveen>

2. Using UAC (MAG), Junos Pulse client and SRX

<Raveen>

Yes, SRX can be used as enforcer for L3 NAC.

</Raveen>

3. Using UAC (MAG) , Junos Pulse client, SRX and SSL VPN (MAG)

<Raveen>

Yes, you can use SRX for L3 enforment and SSL VPN in federation(IF-MAP solution)

</Raveen>


4. Other combination?

<Raveen>

Depends on your use case, like EX, IDP, STRM, Great Bay integration etc..

<Raveen>


Whats the main difference between L2 NAC and L3 NAC?


<Raveen>

L3 NAC is a Juniper firewall (either ScreenOS or Junos) based. It enforces network access at layer 3 of the OSI model, (which mean that, IP connectivity must be available).

Layer 2 enforcment is done at the switch or wireless access point level and uses the 802.1X authentiction protocol suite to authenticate a user BEFORE they get any network access.

</Raveen>

Do share any kb, doc links, useful case studies, if possible...

Please refer administration, interopability and solution guide available in support site:

http://www.juniper.net/support/products/uac/4.2/#doc

Regards,

Raveen

Note: If I answered your questions, please mark this as accepted solution, that way it would help others as well. A kudos will be bonus thanks!


michael.saw_
Regular Contributor

Re: How to deploy NAC solution?

1. Using UAC (MAG) and Junos Pulse client

<Raveen>
Yes for both L2 and L3 NAC
</Raveen>

What devices would be needed for L2 NAC? (Switch, Wireless AP... etc?)
What devices would be needed for L3 NAC? (FW...etc?)

Raveen_
Regular Contributor

Re: How to deploy NAC solution?

Hi Michael,

What devices would be needed for L2 NAC? (Switch, Wireless AP... etc?)


<Raveen

Yes, you are correct,any switch or wireless AP that is dot1x compliant, would suffice.

</Raveen>

What devices would be needed for L3 NAC? (FW...etc?)

<Raveen>

For L3 NAC, you got to have either Juniper SRX or Screen OS FW

</Raveen>

Note: If I have answered all your questions, you could mark this post as accepted solution, that way it helps others as well. A kudos will be bonus thanks!

Regards,

Raveen