
[EX/SRX Branch] 802.1x (DOT1X) Attributes for the EX Series Switch and SRX Branch devices


Article ID: KB11078 KB Last Updated: 18 Sep 2013 Version: 2.0
Summary:

This article lists the 802.1x (DOT1X) attributes for EX Series switches and SRX branch devices. Refer to the Juniper Technical Assistance Center for further information about 802.1x and the currently supported options.

Symptoms:

Cause:

Solution:


RADIUS attributes used for Authentication on EX switches and SRX branch devices

| Attribute number as defined by RADIUS RFCs | Attribute-Value (AV) pair name | Messages used in |
|---|---|---|
| 1 | User-Name | Access-Request |
| 2 | User-Password | Access-Request |
| 4 | NAS-IP-Address | Access-Request |
| 5 | NAS-Port | Access-Request |
| 11 | Filter-Id | Access-Accept. The value(s) refer to already existing ACL(s) defined on the switch. |
| 12 | Framed-MTU | Access-Request. The value is set to 1500 for Ethernet. |
| 25 | Class | Access-Accept |
| 26 | Vendor-specific | Access-Accept. This will be a series of ASCII characters defining an ACL to be applied on the port. Vendor-Id used will be 2636. |
| 27 | Session-Timeout | Access-Accept. This can be used to override the re-authentication timeout value configured on the switch. Access-Challenge. This can be used to override the Supplicant timeout value configured on the switch. |
| 29 | Termination-Action | Access-Accept. The only valid value is RADIUS-Accept. (This parameter is made mandatory by IEEE if Session-Timeout is used, even though it can have only one value.) |
| 30 | Called-Station-Id (MAC address of switch) | Access-Request |
| 31 | Calling-Station-Id (MAC address of supplicant) | Access-Request |
| 61 | NAS-Port-Type | Access-Request |
| 64 | Tunnel-Type | Access-Accept. Used for Dynamic VLAN assignment. Should have value VLAN (type 13). |
| 65 | Tunnel-Medium-Type | Access-Accept. Used for Dynamic VLAN assignment. Should have value 802 (type 6). |
| 79 | EAP-Message | Access-Request, Access-Challenge, Access-Accept, Access-Reject |
| 80 | Message Authenticator | Access-Request, Access-Challenge, Access-Accept, Access-Reject |
| 81 | Tunnel-Private-Group-ID | Access-Accept. Used for Dynamic VLAN assignment. Has either the VLAN ID or the VLAN name to which the port has to be moved. |
| Not yet defined | NAS-Traffic-Rule | Access-Accept, Change-of-Authorization (CoA) |
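The following check is an added example, not Juniper code: it parses the attribute bytes of an Access-Accept and flags combinations that contradict the table (Tunnel-Type other than 13, Tunnel-Medium-Type other than 6, Session-Timeout without Termination-Action, a Vendor-specific attribute whose Vendor-Id is not 2636). The function names and sample packets are hypothetical, and the tag-byte layout for attributes 64, 65 and 81 is taken from RFC 2868.

```python
import struct

JUNIPER_VENDOR_ID = 2636   # Vendor-Id the table gives for attribute 26
TUNNEL_RULES = ((64, 13, "Tunnel-Type"), (65, 6, "Tunnel-Medium-Type"))

def parse_attributes(data: bytes) -> dict:
    """Split RADIUS attribute bytes into {type: value}; a repeated type keeps the last value."""
    attrs, i = {}, 0
    while i < len(data):
        if len(data) - i < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = data[i], data[i + 1]
        if a_len < 2 or i + a_len > len(data):
            raise ValueError(f"bad length in attribute {a_type}")
        attrs[a_type] = data[i + 2:i + a_len]
        i += a_len
    return attrs

def check_access_accept(data: bytes):
    """Return (vlan, problems) for the attribute section of an Access-Accept."""
    seen, problems, vlan = parse_attributes(data), [], None
    for a_type, want, name in TUNNEL_RULES:
        value = seen.get(a_type)
        # RFC 2868 layout: one tag byte, then a 3-byte big-endian value.
        if value is not None and (len(value) != 4 or int.from_bytes(value[1:], "big") != want):
            problems.append(f"{name} must be {want}")
        elif value is None and 81 in seen:
            problems.append(f"{name} missing for VLAN assignment")
    if 81 in seen:
        raw = seen[81]
        if raw and raw[0] <= 0x1F:      # leading byte treated as the optional tag
            raw = raw[1:]
        vlan = raw.decode("ascii", "replace")
    if 27 in seen and 29 not in seen:
        problems.append("Session-Timeout without Termination-Action")
    if 26 in seen and int.from_bytes(seen[26][:4], "big") != JUNIPER_VENDOR_ID:
        problems.append("Vendor-specific attribute is not Vendor-Id 2636")
    return vlan, problems

def attr(a_type: int, value: bytes) -> bytes:
    """Build one attribute for the constructed samples below."""
    return bytes([a_type, len(value) + 2]) + value

# Constructed samples, not captured traffic.
GOOD = attr(64, b"\x00\x00\x00\x0d") + attr(65, b"\x00\x00\x00\x06") + attr(81, b"guest")
BAD = (attr(64, b"\x00\x00\x00\x0d") + attr(65, b"\x00\x00\x00\x01")
       + attr(81, b"\x01" + b"100") + attr(27, struct.pack(">I", 3600)))

if __name__ == "__main__":
    print(check_access_accept(GOOD))
    print(check_access_accept(BAD))
```

Running the same check against a RADIUS server's test replies before enabling dynamic VLAN assignment shows a mis-set Tunnel-Medium-Type or a missing Termination-Action before it reaches a production port.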

 
