I have an SRX. I want to try its dot1x capabilities.
I also have a MAG device set up in NAC mode. I want users to receive a logon prompt on their machines upon plugging in a network cable.
I want the SRX to pass the information (RADIUS request) and the MAG to accept the request (RADIUS accept). Optionally, I would like the MAG to return additional attributes such as port VLAN ID.
Can I have the MAG acting as a RADIUS server itself? Or would I have to use an external authentication source and proxy through to that? It seems no matter what I do I can't make the MAG listen on port 1822/1823 or 1645/1646. Thus my SRX can't have users authenticated against the MAG.
I have found several docs for configuring this, but they are ambiguous. That is confusing me.
How to proceed?
I would first check on the licenses that are currently installed on the MAG device. What type of licenses are currently installed?
You could use the MAG as a RADIUS server and return VLAN attributes to the SRX.
There is no need for an external authentication source or to proxy the incoming request if the user records reside in the MAG's internal store.
Note: If I have answered your question correctly, you could mark this post as the accepted solution; that way it helps others as well. Kudos will be cool.