Authentication and Access Control
-
Support for P-VLANs with egress VLAN list and 802.1X (EX2300, EX3400, EX4100, EX4100-F, EX4300, and EX4400)—Starting in Junos OS Release 22.3R1, the listed EX Series switches support a private VLAN (P-VLAN) (with an egress VLAN ID or egress VLAN name) when 802.1X is also enabled on the port. We support IETF-defined RADIUS attributes that provide VLAN assignments and also indicate whether frames on the VLAN are tagged or untagged. This enables the network access control (NAC) server to dynamically assign VLANs on colorless ports. You can make the VLAN assignments, which are based on device profiling, on either access ports or trunk ports.
[See Creating a Private VLAN Spanning Multiple EX Series Switches (CLI Procedure) and Configuring Colorless Ports on EX Series Switches with Aruba ClearPass Policy Manager and Cisco ISE.]
- 802.1X support on LAG interfaces (EX4400 and EX4650) — Starting in Junos OS Release 22.3R1, 802.1X authentication is supported on LAG interfaces. 802.1X is an IEEE standard for port-based network access control that authenticates users attached to a LAN port. It blocks all traffic to and from a supplicant (client) at the interface until the supplicant's credentials are presented and matched on the RADIUS authentication server.