Configuring Authentication Features (J-Web)

To configure 802.1X settings using the J-Web interface:

  1. From the Configure menu, select Security > 802.1X.

    The 802.1X screen displays a list of interfaces, whether 802.1X security has been enabled, and the assigned port role.

    When you select a particular interface, the Details section displays 802.1X details for the selected interface.

    Note: After you make changes to the configuration, click OK to check your configuration and save it as a candidate configuration, then click Commit Options>Commit.

  2. Click one:
    • RADIUS Servers—specifies the RADIUS server to be used for authentication. Select the check box to select the server. Click Add or Edit to add or modify the RADIUS server settings. Enter information as specified in Table 49.
    • Exclusion List—implements the authentication bypass option by listing the MAC address of each host to be excluded from 802.1X authentication. Click Add or Edit in the Exclusion list screen to include or modify the MAC address list. Enter information as specified in Table 50.
    • Edit—specifies 802.1X settings for the selected interface.
      • Apply 802.1X Profile—applies a predefined 802.1X profile based on the port role. If a message appears asking if you want to configure a RADIUS server, click Yes and enter information as specified in Table 49.
      • 802.1X Configuration—configures custom 802.1X settings for the selected interface. If a message appears asking if you want to configure a RADIUS server, click Yes and enter information as specified in Table 49. To configure 802.1X settings, enter information as specified in Table 51.
    • Delete—deletes the existing 802.1X authentication configuration on the selected interface.

Table 49: RADIUS Server Settings

Field

Function

Your Action

IP Address

Specifies the IP address of the server.

Enter the IP address in dotted decimal notation.

Password

Specifies the login password.

Enter the password.

Confirm Password

Verifies the login password for the server.

Reenter the password.

Server Port Number

Specifies the port with which the server is associated.

Type the port number.

Source Address

Specifies the source address of the SRX Series device for communicating with the server.

Type the IP address in dotted decimal notation.

Retry Attempts

Specifies the number of login retries allowed after a login failure.

Type the number.

Timeout

Specifies the time interval to wait before the connection to the server is closed.

Type the interval in seconds.

Table 50: 802.1X Exclusion List

Field

Function

Your Action

MAC Address

Specifies the MAC address to be excluded from 802.1X authentication.

Enter the MAC address.

Exclude if connected through the port

Specifies that a supplicant can bypass authentication if it is connected through a particular interface.

Select to enable the option. Select the port through which the supplicant is connected.

Move the host to the VLAN

Moves the host to a specific VLAN once the host is authenticated.

Select to enable the option. Select the VLAN from the list.

Table 51: 802.1X Port Settings

Field

Function

Your Action

Supplicant Mode

Supplicant Mode

Specifies the mode to be adopted for supplicants:

  • Single—allows only one host for authentication.
  • Multiple—allows multiple hosts for authentication. Each host is checked before being admitted to the network.
  • Single authentication for multiple hosts—allows multiple hosts but only the first is authenticated.

Select the required mode.

Authentication

Enable re-authentication

Specifies enabling reauthentication on the selected interface.

Select to enable reauthentication. Enter the timeout for reauthentication in seconds.

Action for nonresponsive hosts

Specifies the action to be taken in case a supplicant is non-responsive:

  • Move to the Guest VLAN—moves the supplicant to the specified Guest VLAN.
  • Deny—does not permit access to the supplicant.

Select the desired action.

Timeouts

Specifies timeout values for:

  • Port waiting time after an authentication failure
  • EAPOL re-transmitting interval
  • Maximum EAPOL requests
  • Maximum number of retries
  • Port timeout value for a response from the supplicant
  • Port timeout value for a response from the RADIUS server

Enter timeout values in seconds for the appropriate options.