I was wondering, when 802.1x method is first being used with Juniper NAC solution , did Juniper start support for Radius Change of Authorization from Day 1 ?
I mean, for ongoing posture assessment checks to be able to assign the client switchport to different VLANs even when the client was authenticated earlier is Radius CoA features.
If the answer to my question is NO, then how did Juniper accomplish ongoing posture assessment and actions when CoE was not supported ?
Thanks in advance.
VLAN transition for change in posture is not via RADIUS COA in Juniper UAC.
Juniper UAC does posture validation only when EAP-JUAC is selected as inner authentication method in OAC/PULSE Clinet.
OAC/PULSE does establish an L3 connection with UAC appliance and ongoing posture assesment is done via this L3 connection.
When there is a change in posture, OAC/PULSE will disconnect the already established connection and re-authentication happens which would result in VLAN transition.
Hope I have answered your question.
Note: If I have answered your question , you could mark this post as accepted solution, that way it would help others as well. A kudo would be cool if you think I earned it.