Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Authentication and Access Control

  • Dynamic filter IPv6 support—Starting in Junos OS Release 23.4R1, you can install filters having destination IPv6 as a match condition. Both IPv4 and IPv6 match conditions can be specified within the same filter.

    [See User Access and Authentication Administration Guide for Junos OS .]

  • Support for VLAN group on EX series switches (EX Series)—Starting in Junos OS Release 23.4R1, you can configure VLAN group on EX series switches. The 802.1X VLAN group maps a single WLAN to a single VLAN or multiple VLANs. In this feature, the VLAN group name is added within the Tunnel-Private-Group-ID (defined as RADIUS attribute type 81, RFC 2868) and sent in the RADIUS response instead of a regular VLAN ID or VLAN Name. It helps to reduce the number of broadcast domains and reduce the need for administrators to load balance your network.

    To configure VLAN groups, you can use the set vlans vlan-groups vlan_group_name vlan-id-listvlan-id-list configuration statement at the [edit vlans] hierarchy level.

    [See Configuring VLAN Groups on EX Series Switches.]

  • Support for micro and macro segmentation with GBP using Mist Access Assurance (EX4100, EX4400, and EX4650)—Starting in Junos OS Release 23.4R1, we support micro and macro segmentation in a VXLAN (Virtual extensible Local Area Network) architecture using Group Based Policy (GBP) through Juniper Mist Access Assurance. GBP tags are assigned dynamically to clients as part of RADIUS transaction by Mist Cloud NAC.

    [See 802.1X for Switches Overview.]

  • Control device access privileges with exact match configuration (ACX5448, ACX5448-M, ACX5448-D, ACX710, EX2300, EX2300-MP, EX2300-C, EX2300-VC, EX3400, EX3400-VC, EX4100-48MP, EX4100-H-12P, EX4100-H-12P-DC, EX4100-H-24P, EX4100-H-24P-DC, EX4100-H-24F, EX4100-H-24F-DC, EX4100-24MP, EX4100-48P, EX4100-48T, EX4100-24P, EX4100-24T, EX4100-F-48P, EX4100-F-24P, EX4100-F-48T, EX4100-F-24T, EX4100-F-12P, EX4100-F-12T, EX4300-MP, EX4300VC, EX4400-24MP, EX4400-24P, EX4400-24T, EX4400-24X, EX4400-48F, EX4400-48MP, EX4400-48P, EX4400-48T, EX4600-VC, EX4650, EX4650-48Y-VC, EX9204, EX9208, EX9214, MX204, MX240, MX304, MX480, MX960, MX10003, MX10004, MX10008, MX10016, MX2008, MX2010, MX2020, QFX10002-60C, QFX10002, QFX10008, and QFX10016)—Starting in Junos OS Release 23.4R1, you can configure access privileges for login classes by allowing or denying full hierarchy strings with the allow-configuration-exact-match and deny-configuration-exact-match configuration options. The exact match configuration enables you to set separate permissions for set, delete, activate, or deactivate operators for any hierarchy.

    The allow-configuration-exact-match and deny-configuration-exact-match configuration options support full hierarchy strings as well as wildcard characters and regular expressions.

    [See Understanding Exact Match Access Privileges for Login Classes.]