Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

UAC 802.1x for failed authen client?

zerofai_
New Contributor
‎02-29-2012 07:27:AM
‎02-29-2012 07:27:AM

UAC 802.1x for failed authen client?

Hi all,

I am testing deployment option for UAC. I am able to configure UAC to work with Juniper and Cisco switch, and switch non 802.1x client to guest VLAN, and my authorized 802.1x Windows machine with open port action.

When I test the case that a non authorized 802.1x aware client connect to the port, I see authentication fail information from user access logs, as the credential cannot match any realms. And authentication failed, the port not able to switch to Guest VLAN.

Is there anyway to create a realms to catch those failed authen client? I have try anonymous but not success.

Please advise!

Cheers,
Fai

0 Kudos
4 REPLIES 4
Raveen_
Regular Contributor
‎02-29-2012 06:45:PM
‎02-29-2012 06:45:PM

Re: UAC 802.1x for failed authen client?

1. You can configure MAC-Auth-Bypass in the switch, and create a mac-auth realm in IC to authenticate Guest users.

2. You can configure Auth-Fail VLAN in switch and enforce the clients to a particular VLAN.

3. If there be any radius-attribute in Radius-request packet that is unique to the Guest access, then we can create Radius request policies in IC and do anonymous authentication.

You can choose either of the above.

Note: You could mark this post as 'accepted solution' if this answers your question that way it might help others as well, a kudo would be a bonus thanks!!

0 Kudos
zerofai_
New Contributor
‎03-08-2012 12:06:AM
‎03-08-2012 12:06:AM

Re: UAC 802.1x for failed authen client?

Hi Raveen, Thanks, so there is no method to specify a VLAN for failed authen client? As I see this option in other vendor products. Regards, Fai
0 Kudos
Raveen_
Regular Contributor
‎03-08-2012 02:26:AM
‎03-08-2012 02:26:AM

Re: UAC 802.1x for failed authen client?

The third option that I mentioned in my earlier reply would allow IC to send VLAN attributes.

May be based on client's mac-address or nas-port or any other radius-attribute you can filter and do anonymous authentication.

Regards,

Raveen

0 Kudos
Raveen_
Regular Contributor
‎03-08-2012 02:52:AM
‎03-08-2012 02:52:AM

Re: UAC 802.1x for failed authen client?

You could do realm slection based on EAP-Type as well.

Regards,

Raveen

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.