Understanding Port-Based Authentication in a Junos Fusion Provider Edge
Junos Fusion supports port-based authentication as defined by IEEE 802.1X standard to prevent unauthorized network access on the extended ports of the satellite devices. The satellite device blocks all packets to and from the supplicant (client) except for Extensible Authentication Protocol over LAN (EAPoL) packets at the interface. EAPoL allows the client to authenticate to an authentication server, such as a RADIUS server. Once the authentication server validates the supplicant’s credentials, the switch opens the interface to the supplicant and allows access to the network. For more information on 802.1x authentication, see Configuring 802.1X Interface Settings on MX Series Routers in Enhanced LAN Mode.
Junos fusion also supports central Web authentication. Central Web authentication redirects Web browser requests to a central Web authentication server that manages the authentication and authorization process. Upon successful authorization, the user is allowed access to the network. For more information on central Web authentication, see Understanding Central Web Authentication.
The authentication server in a Junos Fusion should be connected directly to the aggregation device and not to an extended port on a satellite device.