Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Use Case Overview

Juniper Networks EX Series Ethernet Switches are designed to meet the demands of today’s high-performance businesses. They enable companies to grow their networks at their own pace, minimizing large up-front investments. Based on open standards, EX Series switches provide the carrier-class reliability, security risk management, virtualization, application control, and lower total cost of ownership (TCO) that businesses need today, while allowing businesses to scale in an economically sensible way for years to come.

Aruba ClearPass Policy Manager is a policy management platform that provides role-based and device-based network access control (NAC) for any user across any wired, wireless, and VPN infrastructure. Enterprises with Aruba wireless infrastructure typically deploy Aruba ClearPass to provide NAC services for the wireless infrastructure. Enterprises that also deploy EX Series switches in these environments can leverage the extensive RADIUS capabilities on EX Series switches to integrate with Aruba ClearPass. This integration enables enterprises to deploy consistent security policies across their wired and wireless infrastructure.

Enterprises typically have a variety of users and endpoints, which results in multiple use cases that need to be addressed by their policy infrastructure. Depending on the type of endpoint and how it is being used, an endpoint might be authenticated by 802.1X authentication, MAC RADIUS authentication, or captive portal authentication. The policy infrastructure should enable any device to be connected to any port on the access switch and to be authenticated based on the type of the device, the authorization level of the user, or both.

In this network configuration example, we show how to configure Juniper Networks EX Series switches and Aruba ClearPass Policy Manager to use device profiling as part of the authentication process. Device profiling enables Aruba ClearPass to determine the type of endpoint that is being authenticated—for example, whether it is an access point or a VoIP phone or a Windows computer—and then use that information to enforce access policy appropriate to the device type.