Supporting Exchange of Extensible Authentication Protocol Messages

Extensible Authentication Protocol (EAP) is a protocol that supports multiple methods for authenticating a peer before allowing network layer protocols to transmit over the link. JUNOSe software supports the exchange of EAP messages between JUNOSe applications, such as PPP, and an external RADIUS authentication server.

The JUNOSe software’s AAA service accepts and passes EAP messages between the JUNOSe application and the router’s internal RADIUS authentication server. The internal RADIUS authentication server, which is a RADIUS client, provides EAP pass-through—the RADIUS client accepts the EAP messages from AAA, and sends the messages to the external RADIUS server for authentication. The RADIUS client then passes the response from the external RADIUS authentication server back to the AAA service, which then sends a response to the JUNOSe application. The AAA service and the internal RADIUS authentication service do not process EAP information—both simply act as pass-through devices for the EAP message.
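The pass-through role described above, as an added example (not JUNOSe code): following RFC 3579, a RADIUS client carries the EAP packet unmodified in EAP-Message attributes and protects the request with Message-Authenticator, never interpreting the EAP payload. The function names and the way the shared secret is passed in are illustrative assumptions.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
EAP_MESSAGE = 79            # RFC 3579 attribute type
MESSAGE_AUTHENTICATOR = 80  # RFC 3579 attribute type
MAX_VALUE = 253             # one-octet attribute length caps a value at 253 bytes


def wrap_eap(eap_packet: bytes, secret: bytes, identifier: int) -> bytes:
    """Build an Access-Request that carries eap_packet byte-for-byte."""
    attrs = b""
    for i in range(0, len(eap_packet), MAX_VALUE):
        chunk = eap_packet[i:i + MAX_VALUE]
        attrs += bytes([EAP_MESSAGE, len(chunk) + 2]) + chunk
    # Message-Authenticator goes in as 16 zero octets, then is replaced by the HMAC.
    attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    packet = header + os.urandom(16) + attrs
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac


def unwrap_eap(packet: bytes, secret: bytes) -> bytes:
    """Verify Message-Authenticator, then return the reassembled EAP packet."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("bad RADIUS length")
    eap, mac, zeroed, pos = b"", None, bytearray(packet), 20
    while pos < len(packet):
        alen = packet[pos + 1] if pos + 2 <= len(packet) else 0
        if alen < 2 or pos + alen > len(packet):
            raise ValueError("bad attribute length")
        atype, value = packet[pos], packet[pos + 2:pos + alen]
        if atype == EAP_MESSAGE:
            eap += value  # concatenate fragments in order, no parsing of EAP itself
        elif atype == MESSAGE_AUTHENTICATOR and alen == 18:
            mac = value
            zeroed[pos + 2:pos + alen] = bytes(16)
        pos += alen
    if mac is None:
        raise ValueError("EAP-Message without Message-Authenticator")
    expected = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("Message-Authenticator mismatch")
    return eap
```
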

The router’s local authentication server and TACACS+ authentication servers do not support the exchange of EAP messages. These types of servers deny access if they receive an authentication request from AAA that includes an EAP message. EAP messages do not affect the none authentication configuration, which always grants access.

The local RADIUS authentication server uses the following RADIUS attributes when exchanging EAP messages with the external RADIUS authentication server:

For additional information on configuring PPP to use EAP authentication, see the JUNOSe Link Layer Configuration Guide.

