cancel
Showing results for 
Search instead for 
Did you mean: 

UAC local authentication with EX switch as Enforcer

SOLVED
ssuet_
Occasional Contributor

UAC local authentication with EX switch as Enforcer

Dear all

i dont have radius server i want to configure local authentication which i did .But i need to know what configuration i required on EX to make users able to authenticate from UAC

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
kalagesan_
Super Contributor

Re: UAC local authentication with EX switch as Enforcer

Hi,

Even if you are using System local authentication on IC the solution should work as expected.

For dot.1 x auth on EX switch you will be adding IC as a radius server ( this does not mean that you should use seprate radius server instance ) you can also use system local/active directory /certfiicate server etc and IC the EX switch will be added as radius clinet. This is a standard requirement for dot.1 x authentictaion mechanism.

Dot.1x authentication uses radius EAP tunnel between IC and EX switch for Layer 2 authentication where as when you use EX as enforcer the communication is through a seprate JUEP channel and this is fir Layer 3 authentication.

Hope this clarifies your query.

NOTE:
Please mark this post as 'accepted solution' if this answers your question that way it might help others as well, a kudo would be a bonus thanks!!

Regards,
Kannan

View solution in original post

6 REPLIES 6
kalagesan_
Super Contributor

Re: UAC local authentication with EX switch as Enforcer

Hi,

This configuration is clearly documented in the 4.2 IC admin guide
under the section "Junos Pulse Access Control Service Interoperability with the EX Series
Ethernet Switch"

PLease refer page#145, 146

Please use the below URL to access the same:
http://www.juniper.net/techpubs/software/uac/4.2xguides/j-ic-uac-4.2-adminguide.pdf

Regards,
Kannan

ssuet_
Occasional Contributor

Re: UAC local authentication with EX switch as Enforcer

Thanks

Is it necessary to configure Radius on EX switch becuase i dont have radius and im using local authentication

Belwo is the link

http://kb.pulsesecure.net/InfoCenter/index?page=content&id=KB16976

Stanislas P_
Contributor

Re: UAC local authentication with EX switch as Enforcer

Hi,

to configure UAC, you need a Infranet Controler which is a RADIUS Server.

Regards,

Stanislas

kalagesan_
Super Contributor

Re: UAC local authentication with EX switch as Enforcer

Hi,

Even if you are using System local authentication on IC the solution should work as expected.

For dot.1 x auth on EX switch you will be adding IC as a radius server ( this does not mean that you should use seprate radius server instance ) you can also use system local/active directory /certfiicate server etc and IC the EX switch will be added as radius clinet. This is a standard requirement for dot.1 x authentictaion mechanism.

Dot.1x authentication uses radius EAP tunnel between IC and EX switch for Layer 2 authentication where as when you use EX as enforcer the communication is through a seprate JUEP channel and this is fir Layer 3 authentication.

Hope this clarifies your query.

NOTE:
Please mark this post as 'accepted solution' if this answers your question that way it might help others as well, a kudo would be a bonus thanks!!

Regards,
Kannan

View solution in original post

ssuet_
Occasional Contributor

Re: UAC local authentication with EX switch as Enforcer

Hi Kanan

Thanks for your help .Could you please share any document which show layer2 and layer deployment

Thanks

kalagesan_
Super Contributor

Re: UAC local authentication with EX switch as Enforcer


Hi ,

I understand that you are looking for document which show layer2 and layer deployment.

Please use the below guide URL for understnading Layer 2 and the IC Series RADIUS Server

http://www.juniper.net/techpubs/software/uac/4.2xguides/j-ic-uac-4.2-radius.pdf


4.2 IC admin guide has also have the requested information, you can access using the below URL:

http://www.juniper.net/techpubs/software/uac/4.2xguides/j-ic-uac-4.2-adminguide.pdf

Kindly refer Chapter 5#The UAC RADIUS Server and Layer 2 Access, page# 151, this has subtopics
that you are requested for, also refer the topic

"Understanding 802.1X Network Access Control Deployments" page #164

Hope the information provided is helpful.


Regards,
Kannan