Configuring Authentication Features (J-Web)
To configure 802.1X settings using the J-Web interface:
- From the Configure menu, select Security > 802.1X.
The 802.1X screen displays a list of interfaces, whether 802.1X security has been enabled, and the assigned port role.
When you select a particular interface, the Details section displays 802.1X details for the selected interface.
Note: After you make changes to the configuration, click OK to check your configuration and save it as a candidate configuration, then click Commit Options>Commit.
- Click one:
- RADIUS Servers—specifies the RADIUS server to be used for authentication. Select the check box to select the server. Click Add or Edit to add or modify the RADIUS server settings. Enter information as specified in Table 71.
- Exclusion List—implements the authentication bypass option by listing the MAC address of each host to be excluded from 802.1X authentication. Click Add or Edit in the Exclusion list screen to include or modify the MAC address list. Enter information as specified in Table 72.
- Edit—specifies 802.1X settings for the selected
interface.
- Apply 802.1X Profile—applies a predefined 802.1X profile based on the port role. If a message appears asking if you want to configure a RADIUS server, click Yes and enter information as specified in Table 71.
- 802.1X Configuration—configures custom 802.1X settings for the selected interface. If a message appears asking if you want to configure a RADIUS server, click Yes and enter information as specified in Table 71. To configure 802.1X settings, enter information as specified in Table 73.
- Delete—deletes the existing 802.1X authentication configuration on the selected interface.
Table 71: RADIUS Server Settings
Field | Function | Your Action |
|---|---|---|
IP Address | Specifies the IP address of the server. | Enter the IP address in dotted decimal notation. |
Password | Specifies the login password. | Enter the password. |
Confirm Password | Verifies the login password for the server. | Reenter the password. |
Server Port Number | Specifies the port with which the server is associated. | Type the port number. |
Source Address | Specifies the source address of the SRX Series device for communicating with the server. | Type the IP address in dotted decimal notation. |
Retry Attempts | Specifies the number of login retries allowed after a login failure. | Type the number. |
Timeout | Specifies the time interval to wait before the connection to the server is closed. | Type the interval in seconds. |
Table 72: 802.1X Exclusion List
Field | Function | Your Action |
|---|---|---|
MAC Address | Specifies the MAC address to be excluded from 802.1X authentication. | Enter the MAC address. |
Exclude if connected through the port | Specifies that a supplicant can bypass authentication if it is connected through a particular interface. | Select to enable the option. Select the port through which the supplicant is connected. |
Move the host to the VLAN | Moves the host to a specific VLAN once the host is authenticated. | Select to enable the option. Select the VLAN from the list. |
Table 73: 802.1X Port Settings
Field | Function | Your Action |
|---|---|---|
Supplicant Mode | ||
Supplicant Mode | Specifies the mode to be adopted for supplicants:
| Select the required mode. |
Authentication | ||
Enable re-authentication | Specifies enabling reauthentication on the selected interface. | Select to enable reauthentication. Enter the timeout for reauthentication in seconds. |
Action for nonresponsive hosts | Specifies the action to be taken in case a supplicant is non-responsive:
| Select the desired action. |
Timeouts | Specifies timeout values for:
| Enter timeout values in seconds for the appropriate options. |