Hi kalev,

IC web based authentication is mainly used for Layer 3 connection .

For Cisco Switch layer 2 authentication, we can enabled 802.1x EAP based authentication.

I would need a detailed used case explanation on why you need web based authetication for the cisco switch using IC .

This will help me in better understanding of your requirement

Regards,

Kannan

Hi,

http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080ba6514.shtml

If You read through the introduction then it should be understandable what goes on.

My question is can this be achieved with IC?

And if yes then can anyone give some pointers?

As what radius attributes are involved and such.

Any help greatly appreciated.

BR,

Kalev

Hi kalevn

I understand that you wanted to know whether Juniper IC can perform the Central web authentication with wired clients connected to switches with the help of the Identity Services Engine (ISE).

For layer 2 802.1x authentication we only have agent based access ( OAC/pulse or native client ), Web based agentless authentication is availble only for layer 3 authentication.

I would recommend you to work Juniper account team on this since they can help with more information about this query and also the raod map on the Juniper IC

Regards,

Kannan

Hi,

the cisco webauth feature with ISE is layer 3 authentication.

My question is has anybody been able to make this work with IC?

Cisco switch confgured to use webauth but the central auth is through IC not ISE.

BR,

Kalev

Hi Nurklik,

Layer 3 authentication Web authentication solution is possible and Supported in IC.

This is supported only for the following devices by IC. This solution is called captive portal solution.

1. Juniper Screen OS firewall

2. Juniper SRX Firewall ( JUNOS Firewall)

3. Juniper EX switches

Hope this clarifies your query

Regards,

Kannan

I understood that any 802.1x switch could participate in the captive portal. As long as the vlans were behind either a Junos or ScreenOS firewall as the infranet enforcer.

Are you saying that you must have a junos switch to use the captive portal?

Hi Steve ,

Yes your understanding is right , any 802.1x switch can participate in the captive portal however the enforcement can be done only using the Junos based FW , EX switch and Screen OS firewall.

In this case customer wanted a web redirection from the cisco switch, normally web redirection for protected resources are configured on the Juniper supported enforcers and as you said I also believe as long as the vlans are behind either a Junos or ScreenOS firewall as the infranet enforcer our solution should work for this customer.

It.s not a must to have a junos switch to use the captive portal.

Regards

Kannan