[Prev][Next][Report an Error]

Configuring 802.1x—Quick Configuration

Juniper devices use 802.1X authentication to implement access control in an enterprise network. Supplicants (hosts) are authenticated at the initial connection to your LAN. By authenticating supplicants before they receive an IP address from a DHCP server, unauthorized supplicants are prevented from gaining access to your LAN.

You can use the J-Web Quick Configuration to configure 802.1x authentication.

To access the 802.1x Quick Configuration:

In the J-Web user interface, select Configure>Security>802.1x.
The 802.1x screen displays a list of interfaces, whether 802.1x security has been enabled on the interface, and the assigned port role.

When you select a particular interface, the Details section displays 802.1x details for the interface.
Click one:
- RADIUS Servers—Specifies the RADIUS server to be used for authentication. Select the check box to select the required server. Click Add or Edit to add or modify the RADIUS server settings. Enter information as specified in Table 178.
- Exclusion List—Excludes hosts from the 802.1x authentication list by specifying the MAC address. Click Add or Edit in the Exclusion List to include or modify the MAC addresses. Enter information as specified in Table 179.
- Edit—Specifies 802.1x settings for the selected interface
  - Apply 802.1x Profile—Applies a predefined 802.1x profile based on the port role. If a message appears asking if you want to configure a RADIUS server, click Yes.
  - 802.1x Configuration—Configures custom 802.1x settings for the selected interface. If a message appears asking if you want to configure a RADIUS server, click Yes. Enter information as specified in Table 178. To configure 802.1x settings, enter information as specified in Table 180.
- Delete—Deletes 802.1x authentication configuration on the selected interface.
Click one:
- To apply changes to the configuration, click OK.
- To cancel the configuration without saving changes, click Cancel.

Table 178: RADIUS Server Settings

Field	Function	Action
IP Address	Specifies the IP address of the server.	Enter the IP address in dotted decimal notation.
Password	Specifies the login password.	Enter the password.
Confirm Password	Verifies the login password for the server.	Reenter the password.
Server Port Number	Specifies the port with which the server is associated.	Enter the port number.
IP Address	Specifies the source address of the server.	Enter the server’s 32-bit IP address, in dotted decimal notation.
Retry Attempts	Specifies the number of login retries allowed after a login failure.	Enter a value from 1 to 10.
Timeout	Specifies the time, in seconds, before the connection to the server is closed.	Enter a value from 1 to 90 seconds.

Table 179: 802.1x Exclusion List

Field	Function	Action
MAC Address	Specifies the MAC address to be excluded from 802.1x authentication.	Enter the MAC address.
Exclude if connected through port	Specifies that the host can bypass authentication if it is connected through a particular interface.	Select to enable the option. Select the port through which the host is connected.
Move the host to VLAN	Specifies moving the host to a specific VLAN once the host is authenticated.	Select to enable the option. Select the VLAN from the list.

Table 180: 802.1x Port Settings

Field	Function	Action
Supplicant Mode
Supplicant Mode	Specifies the mode to be adopted for supplicants: Single—Allows only one host for authentication. Multiple—Allows multiple hosts for authentication. Each host is checked before being admitted to the network. Single authentication for multiple hosts—Allows multiple hosts but only the first is authenticated.	Select the required mode.
Authentication
Enable re-authentication	Specifies enabling reauthentication on the selected interface.	Select to enable reauthentication. Enter the timeout for reauthentication from 1 through 65,535 seconds.
Action on authentication failure	Specifies the action to be taken in case of an authentication failure.	Select one: Move to the Guest VLAN—Select the VLAN to which unauthenticated hosts are permitted access. Deny—The host is not permitted access.
Timeouts	Specifies timeout values for each action.	Enter the value in seconds for: Port waiting time after an authentication failure. Enter a value from 0 through 65,535 EAPOL retransmitting interval. Enter a value from 1 through 65,535. Maximum number of EAPOL requests. Enter a value from 1 through 10. Maximum number of retries. Enter a value from 1 through 10. Port timeout value for the response from the supplicant. Enter a value from 1 through 60. Port timeout value for the response from the RADIUS server. Enter a value from 1 through 60.

[Prev][Next][Report an Error]