cancel
Showing results for
Did you mean:

## UAC local authentication with EX switch as Enforcer

SOLVED
Occasional Contributor

## UAC local authentication with EX switch as Enforcer

Dear all

i dont have radius server i want to configure local authentication which i did .But i need to know what configuration i required on EX to make users able to authenticate from UAC

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Super Contributor

## Re: UAC local authentication with EX switch as Enforcer

Hi,

Even if you are using System local authentication on IC the solution should work as expected.

For dot.1 x auth on EX switch you will be adding IC as a radius server ( this does not mean that you should use seprate radius server instance ) you can also use system local/active directory /certfiicate server etc and IC the EX switch will be added as radius clinet. This is a standard requirement for dot.1 x authentictaion mechanism.

Dot.1x authentication uses radius EAP tunnel between IC and EX switch for Layer 2 authentication where as when you use EX as enforcer the communication is through a seprate JUEP channel and this is fir Layer 3 authentication.

NOTE:
Please mark this post as 'accepted solution' if this answers your question that way it might help others as well, a kudo would be a bonus thanks!!

Regards,
Kannan

6 REPLIES 6
Super Contributor

## Re: UAC local authentication with EX switch as Enforcer

Hi,

This configuration is clearly documented in the 4.2 IC admin guide
under the section "Junos Pulse Access Control Service Interoperability with the EX Series
Ethernet Switch"

Please use the below URL to access the same:

Regards,
Kannan

Occasional Contributor

## Re: UAC local authentication with EX switch as Enforcer

Thanks

Is it necessary to configure Radius on EX switch becuase i dont have radius and im using local authentication

http://kb.pulsesecure.net/InfoCenter/index?page=content&id=KB16976

Contributor

## Re: UAC local authentication with EX switch as Enforcer

Hi,

to configure UAC, you need a Infranet Controler which is a RADIUS Server.

Regards,

Stanislas

Super Contributor

## Re: UAC local authentication with EX switch as Enforcer

Hi,

Even if you are using System local authentication on IC the solution should work as expected.

For dot.1 x auth on EX switch you will be adding IC as a radius server ( this does not mean that you should use seprate radius server instance ) you can also use system local/active directory /certfiicate server etc and IC the EX switch will be added as radius clinet. This is a standard requirement for dot.1 x authentictaion mechanism.

Dot.1x authentication uses radius EAP tunnel between IC and EX switch for Layer 2 authentication where as when you use EX as enforcer the communication is through a seprate JUEP channel and this is fir Layer 3 authentication.

NOTE:
Please mark this post as 'accepted solution' if this answers your question that way it might help others as well, a kudo would be a bonus thanks!!

Regards,
Kannan

Occasional Contributor

## Re: UAC local authentication with EX switch as Enforcer

Hi Kanan

Thanks for your help .Could you please share any document which show layer2 and layer deployment

Thanks

Super Contributor

## Re: UAC local authentication with EX switch as Enforcer

Hi ,

I understand that you are looking for document which show layer2 and layer deployment.

4.2 IC admin guide has also have the requested information, you can access using the below URL:

Kindly refer Chapter 5#The UAC RADIUS Server and Layer 2 Access, page# 151, this has subtopics
that you are requested for, also refer the topic

"Understanding 802.1X Network Access Control Deployments" page #164

Hope the information provided is helpful.

Regards,
Kannan