
How to implement 802.1x (dot1x) with the Unified Access Controller (UAC IC), Odyssey Access Client (OAC), and the EX series Switch


Article ID: KB12722   KB Last Updated: 20 Feb 2020   Version: 4.0
Summary:

This article provides an example of how to implement 802.1x (dot1x) with the Unified Access Controller Infranet Controller (UAC IC), the Odyssey Access Client (OAC), and the EX Series Switch.

Note: Certain configuration settings change over time and this article provides a generic procedure for connecting all of the elements mentioned.

 

Symptoms:

How to implement 802.1x (dot1x), with the Unified Access Controller (UAC IC (Infranet Controller)), Odyssey Access Client (OAC), and the EX series Switch.

 

Solution:

The Infranet Controller (IC) has IP 10.209.72.152 and the EX Switch me0 interface has IP 10.209.72.59; these addresses are used for EX Switch to Infranet Controller (IC) communication.

IC = 10.209.72.152

EX me0 = 10.209.72.59

There are two VLANs configured on the EX Switch:

VLAN 666 Quarantine

VLAN 10

The host getting authenticated is on EX Switch interface ge-0/0/1

We check for c:\XXX.txt on the host: if the file is present, the IC assigns VLAN 10; otherwise it assigns VLAN 666 (Quarantine).

EX Switch configuration:

JUNOS Base OS boot [9.2B3.2]

root@Switch4> show configuration interfaces ge-0/0/1
unit 0 {
    description "host port";
    family ethernet-switching;
}

root@Switch4> show vlans
Name           Tag     Interfaces
Quarantine     666     None
vlan10         10      ge-0/0/0.0*

root@Switch4> show configuration access
radius-server {
    10.209.72.152 {
        secret "$ABC123"; ## SECRET-DATA
        source-address 10.209.72.4;
    }
}

profile radprof {
    authentication-order radius;
    radius {
        authentication-server 10.209.72.152;
    }
}

root@Switch4> show configuration protocols dot1x
authenticator {
    authentication-profile-name radprof;
    interface {
        ge-0/0/1.0 {
            supplicant single;
            reauthentication 15;
        }
    }
}
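
The switch configuration above only tells dot1x which RADIUS server to ask; the VLAN (10 or 666 in this article) reaches the port in the IC's Access-Accept. The following is an added example, not part of the original article and not Juniper code: it assumes the IC returns the standard RFC 3580 tunnel attributes (the article does not show them) and parses a constructed packet to confirm the VLAN triplet is complete. The helper names `build_accept`, `parse_attrs` and `assigned_vlan` are hypothetical.

```python
import struct

# RFC 2868 / RFC 3580 attributes used for RADIUS-driven VLAN assignment.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
ACCESS_ACCEPT, TYPE_VLAN, MEDIUM_IEEE_802 = 2, 13, 6

def attr(atype, value):
    """Encode one attribute as type, length, value."""
    return bytes([atype, len(value) + 2]) + value

def build_accept(vlan, with_tunnel_type=True):
    """Constructed sample Access-Accept (zeroed authenticator, not a capture)."""
    attrs = b""
    if with_tunnel_type:
        attrs += attr(TUNNEL_TYPE, struct.pack("!I", TYPE_VLAN))  # tag 0 + 24-bit value
    attrs += attr(TUNNEL_MEDIUM_TYPE, struct.pack("!I", MEDIUM_IEEE_802))
    attrs += attr(TUNNEL_PRIVATE_GROUP_ID, str(vlan).encode())
    return struct.pack("!BBH16s", ACCESS_ACCEPT, 1, 20 + len(attrs), bytes(16)) + attrs

def parse_attrs(packet):
    """Return (code, {type: first value}) after validating every length field."""
    if len(packet) < 20:
        raise ValueError("shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("length field does not match packet size")
    found, pos = {}, 20
    while pos < length:
        alen = packet[pos + 1] if pos + 2 <= length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        found.setdefault(packet[pos], packet[pos + 2:pos + alen])
        pos += alen
    return code, found

def assigned_vlan(packet):
    """VLAN carried by an Access-Accept, or None if the triplet is incomplete."""
    code, found = parse_attrs(packet)
    def tagged_int(atype):  # 1 tag byte followed by a 3-byte integer
        value = found.get(atype, b"")
        return int.from_bytes(value[1:], "big") if len(value) == 4 else None
    if code != ACCESS_ACCEPT or tagged_int(TUNNEL_TYPE) != TYPE_VLAN:
        return None
    if tagged_int(TUNNEL_MEDIUM_TYPE) != MEDIUM_IEEE_802:
        return None
    group = found.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    if group and group[0] <= 0x1F:  # optional leading tag byte
        group = group[1:]
    return group.decode("ascii") or None
```

A `None` result for an otherwise successful authentication means the response carried no usable VLAN assignment, which is worth checking for when a host lands in an unexpected VLAN.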

Odyssey Client Screens: [screenshots not preserved]

Infranet Controller Screens: [screenshots not preserved]

Odyssey Access Client: [screenshots not preserved]

A small video (.exe) is attached that displays the results of the above configuration. Rename the file and remove .txt to run it.

 

library/CUSTOMERSERVICE/GLOBAL_JTAC/uac/UAC%20-%20OAC,%20EX%20_%20IC.exe

 
