
Configuring 802.1x—Quick Configuration

Juniper devices use 802.1X authentication to implement access control in an enterprise network. Supplicants (hosts) are authenticated at the initial connection to your LAN. Because supplicants are authenticated before they receive an IP address from a DHCP server, unauthorized supplicants are prevented from gaining access to your LAN.

You can use the J-Web Quick Configuration to configure 802.1x authentication.

To access the 802.1x Quick Configuration:

  1. In the J-Web user interface, select Configuration > Quick Configuration > Switching > 802.1x.

    The 802.1x screen displays a list of interfaces, whether 802.1x security has been enabled on the interface, and the assigned port role.

    When you select a particular interface, the Details section displays 802.1x details for the interface.

  2. Click one:
  3. Click one:

Table 162: RADIUS Server Settings

| Field | Function | Action |
| --- | --- | --- |
| IP Address | Specifies the IP address of the server. | Enter the IP address in dotted decimal notation. |
| Password | Specifies the login password. | Enter the password. |
| Confirm Password | Verifies the login password for the server. | Reenter the password. |
| Server Port Number | Specifies the port with which the server is associated. | Enter the port number. |
| IP Address | Specifies the source address of the server. | Enter the server’s 32-bit IP address, in dotted decimal notation. |
| Retry Attempts | Specifies the number of login retries allowed after a login failure. | Enter a value from 1 to 10. |
| Timeout | Specifies the time, in seconds, before the connection to the server is closed. | Enter a value from 1 to 90 seconds. |

Table 163: 802.1x Exclusion List

| Field | Function | Action |
| --- | --- | --- |
| MAC Address | Specifies the MAC address to be excluded from 802.1x authentication. | Enter the MAC address. |
| Exclude if connected through port | Specifies that the host can bypass authentication if it is connected through a particular interface. | Select to enable the option. Select the port through which the host is connected. |
| Move the host to VLAN | Specifies moving the host to a specific VLAN once the host is authenticated. | Select to enable the option. Select the VLAN from the list. |

Table 164: 802.1x Port Settings

| Field | Function | Action |
| --- | --- | --- |
| Supplicant Mode | | |
| Supplicant Mode | Specifies the mode to be adopted for supplicants: • Single—Allows only one host for authentication. • Multiple—Allows multiple hosts for authentication. Each host is checked before being admitted to the network. • Single authentication for multiple hosts—Allows multiple hosts but only the first is authenticated. | Select the required mode. |
| Authentication | | |
| Enable re-authentication | Specifies enabling reauthentication on the selected interface. | 1. Select to enable reauthentication. 2. Enter the timeout for reauthentication from 1 through 65,535 seconds. |
| Action on authentication failure | Specifies the action to be taken in case of an authentication failure. | Select one: • Move to the Guest VLAN—Select the VLAN to which unauthenticated hosts are permitted access. • Deny—The host is not permitted access. |
| Timeouts | Specifies timeout values for each action. | Enter the value in seconds for: • Port waiting time after an authentication failure. Enter a value from 0 through 65,535. • EAPOL retransmitting interval. Enter a value from 1 through 65,535. • Maximum number of EAPOL requests. Enter a value from 1 through 10. • Maximum number of retries. Enter a value from 1 through 10. • Port timeout value for the response from the supplicant. Enter a value from 1 through 60. • Port timeout value for the response from the RADIUS server. Enter a value from 1 through 60. |
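For reference, the fields in Tables 162 through 164 written as Junos CLI `set` statements, with settings chosen for a restrictive access port. This is an added example, not part of the original page: the statement names come from the Junos CLI as used on EX Series switches and are assumed to apply to the device in use, and the addresses, MAC address, interface, VLAN name, profile name and secret are constructed placeholders.

```junos
# RADIUS server settings (Table 162). 1812 is the standard RADIUS
# authentication port; retry accepts 1-10 and timeout 1-90 seconds.
set access radius-server 192.0.2.10 port 1812
set access radius-server 192.0.2.10 secret "<shared-secret>"
set access radius-server 192.0.2.10 source-address 192.0.2.1
set access radius-server 192.0.2.10 retry 3
set access radius-server 192.0.2.10 timeout 5

# Access profile (constructed name) that points 802.1X at that server.
set access profile dot1x-profile authentication-order radius
set access profile dot1x-profile radius authentication-server 192.0.2.10
set protocols dot1x authenticator authentication-profile-name dot1x-profile

# Port settings (Table 164) on a constructed interface.
# single-secure : one host per port (the page's "Single", going by its description)
# multiple      : every host is authenticated individually ("Multiple")
# single        : first host authenticates, later hosts are admitted without
#                 authentication ("Single authentication for multiple hosts")
set protocols dot1x authenticator interface ge-0/0/5.0 supplicant single-secure

# Re-authentication enabled with a 3600-second timeout (range 1-65535).
set protocols dot1x authenticator interface ge-0/0/5.0 reauthentication 3600

# Timeouts, in the order Table 164 lists them.
set protocols dot1x authenticator interface ge-0/0/5.0 quiet-period 60
set protocols dot1x authenticator interface ge-0/0/5.0 transmit-period 30
set protocols dot1x authenticator interface ge-0/0/5.0 maximum-requests 2
set protocols dot1x authenticator interface ge-0/0/5.0 retries 3
set protocols dot1x authenticator interface ge-0/0/5.0 supplicant-timeout 30
set protocols dot1x authenticator interface ge-0/0/5.0 server-timeout 30

# No guest-vlan statement is configured, so hosts that do not authenticate
# are not placed in any VLAN (the page's "Deny" action).

# Exclusion list (Table 163): this MAC address bypasses 802.1X, but only
# when seen on the named port, and is then placed in the named VLAN.
# A MAC address is not a credential, so keep such entries scoped to a port.
set protocols dot1x authenticator static 00:00:5e:00:53:01 interface ge-0/0/5.0 vlan-assignment printers
```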
