Example: Connecting a RADIUS Server for 802.1X to an EX Series Switch



Similar documents
Example: Configuring VoIP on an EX Series Switch Without Including 802.1X Authentication

Network Configuration Example

Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches

Network Configuration Example

Junos OS for EX Series Ethernet Switches

IEEE 802.1X Overview. Port Based Network Access Control

24 Port Gigabit Ethernet Web Smart Switch. Users Manual

Network Configuration Example

Sample Configuration Using the ip nat outside source static

Configuring DHCP Snooping

ZyXEL GS2210-8HP V4.10(AASQ.1)C0 Release Note/Manual Supplement

ClearPass Policy manager Cisco Switch Setup with CPPM. Technical Note

Interoperability between Avaya IP phones and ProCurve switches

Optimizing VoIP Applications with Juniper Networks EX3200 and EX4200 Line of Ethernet Switches

DEPLOYING IP TELEPHONY WITH EX SERIES ETHERNET SWITCHES

Security Technology White Paper

Deploying IP Telephony with EX-Series Switches

Switch Configuration Required to Support Cisco ISE Functions

Skywire TCP Socket Examples

Dynamic VLAN assignment using RADIUS. Network Diagram

AT-S45 Version Management Software for the AT-9410GB Gigabit Ethernet Switches. Software Release Notes

APPLICATION NOTE. Copyright 2011, Juniper Networks, Inc. 1

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

How to configure MAC authentication on a ProCurve switch

How To Configure Voice Vlan On An Ip Phone

Juniper Networks EX Series/ Cisco Catalyst Interoperability Test Results. May 1, 2009

CCT vs. CCENT Skill Set Comparison

How To Set Up Isonas Crystal Matrix On A Pc Or Mac Or Ipa (For A Mac) On A Network With A Network Switch (For An Ipa) On An Ip Address) On Your Ipa Or Ip Address On

FAQs: MATRIX NAVAN CNX200. Q: How to configure port triggering?

Gigabit Ethernet Web Smart 8-Port Switch 2 Combo SFP Open Slot

How to monitor network traffic inside an ESXi host

10 Ways. Cisco Meraki Switches Make Life Easier

EX Series Technical Details

Juniper Networks Certified Internet Associate (JNCIA-Junos) Exam.

Junos OS for EX Series Ethernet Switches

VOICE VLAN SUPPORT IN THE DELL POWERCONNECT 6200

How to Configure Web Authentication on a ProCurve Switch

How To - Implement Clientless Single Sign On Authentication with Active Directory

Interoperability between Cisco Unified IP 7900 Series phones and ProCurve switches

Configuring Static and Dynamic NAT Simultaneously

VOIP Guide Using ZyXEL Switch

AT-S63 and AT-S63 NE Version Management Software for the AT-9400 Series Layer 2+ Gigabit Ethernet Switches Software Release Notes

How To Understand and Configure Your Network for IntraVUE

Bridge Functions Consortium

Juniper Exam JN0-343 Juniper Networks Certified Internet Specialist (JNCIS-ENT) Version: 10.1 [ Total Questions: 498 ]

CTS2134 Introduction to Networking. Module Network Security

JUNOS Cheat-Sheet Quick Reference

Web and MAC Authentication for the Series 2600/2600-PWR and 2800 Switches

Guideline for setting up a functional VPN

Junos OS for EX Series Ethernet Switches

User Manual 24 Port PoE 10/100/1000M with 4 Combo Gigabit SFP Open Slot Web Smart Switch

Sample Configuration Using the ip nat outside source list C

Network Load Balancing

AT-S95 Version AT-8000GS Layer 2 Stackable Gigabit Ethernet Switch Software Release Notes

Network Configuration Example

Device Interface IP Address Subnet Mask Default Gateway

Quick Start Guide. Cisco Small Business. 200 Series 8-Port Smart Switches

How to add a SIP server How to register a handset

Policy Based Forwarding

Error and Event Log Messages

Juniper Networks EX Series Ethernet Switches/ Cisco VoIP Interoperability Test Results. September 25, 2009

What information will you find in this document?

Junos OS for EX Series Ethernet Switches

Configuring RADIUS Server Support for Switch Services

Junos Switching Basics

Interoperability between Mitel IP Phones and ProCurve Switches

Legal Disclaimers. For C-UL Listed applications, the unit shall be installed in accordance with Part 1 of the Canadian Electrical Code.

Cisco Networking Professional-6Months Project Based Training

AT-S105 Version Management Software Release Notes AT-FS750/24POE and AT-FS750/48 Fast Ethernet WebSmart Switches

Quick Start Guide. Cisco Small Business. 200E Series Advanced Smart Switches

Session Title: Exploring Packet Tracer v5.3 IP Telephony & CME. Scenario

Latest IT Exam Questions & Answers

1 PC to WX64 direction connection with crossover cable or hub/switch

DCS CT-POE fully loaded AT PoE Switch Datasheet

Configuring Health Monitoring

UNDERSTANDING IDENTITY-BASED NETWORKING SERVICES AUTHENTICATION AND POLICY ENFORCEMENT

H3C Firewall and UTM Devices DNS and NAT Configuration Examples (Comware V5)

Configuring PA Firewalls for a Layer 3 Deployment

Monitoring the Switch

Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance

Gigabit Content Security Router

: Interconnecting Cisco Networking Devices Part 2 v1.1

WiNG5 CAPTIVE PORTAL DESIGN GUIDE

Network Configuration Example

School of Information Science (IS 2935 Introduction to Computer Security, 2003)

JUNOS Secure Template

Skills Assessment Student Training Exam

VLANs. Application Note

Quick Note 53. Ethernet to W-WAN failover with logical Ethernet interface.

Quick Start Guide. Cisco Small Business. 300 Series Managed Switches

Configuring LLDP, LLDP-MED, and Location Service

Chapter 2 Lab 2-2, Configuring EtherChannel Instructor Version

Juniper / Cisco Interoperability Tests. August 2014

Management Authentication using Windows IAS as a Radius Server

20 GE PoE-Plus + 4 GE PoE-Plus Combo SFP + 2 GE SFP L2 Managed Switch, 370W

ALLNET ALL-SG8926PM Layer 2 FULL Management 24 Port Giga PoE Current Sharing Switch IEEE802.3at/af

Network Monitoring User Guide Pulse Appliance

802.1X Authentication, Link Layer Discovery Protocol (LLDP), and Avaya IP Telephones

Hosting more than one FortiOS instance on. VLANs. 1. Network topology

Application Note User Groups

Transcription:

Example: Connecting a RADIUS Server for 802.1X to an EX Series Switch Requirements 802.1X is the IEEE standard for Port-Based Network Access Control (PNAC). You use 802.1X to control network access. Only users and devices providing credentials that have been verified against a user database are allowed access to the network. You can use a RADIUS server as the user database for 802.1X authentication, as well as for MAC RADIUS authentication. This example describes how to connect a RADIUS server to an EX Series switch, and configure it for 802.1X: Requirements on page 1 Overview and Topology on page 1 Configuration on page 3 Verification on page 4 This example uses the following hardware and software components: JUNOS Release 9.0 or later for EX Series switches One EX Series switch acting as an authenticator port access entity (PAE). The ports on the authenticator PAE form a control gate that blocks all traffic to and from supplicants until they are authenticated. One RADIUS authentication server that supports 802.1X. The authentication server acts as the backend database and contains credential information for hosts (supplicants) that have permission to connect to the network. Before you connect the server to the switch, be sure you have: Performed basic bridging and VLAN configuration on the switch. See Example: Setting Up Basic Bridging and a VLAN for an EX Series Switch. Configured users on the RADIUS authentication server. Overview and Topology The EX Series switch acts as an authenticator Port Access Entity (PAE). It blocks all traffic and acts as a control gate until the supplicant (client) is authenticated by the server. All other users and devices are denied access. Figure 1 shows one EX4200 switch that is connected to the devices listed in Table 1. Example: Connecting a RADIUS Server for 802.1X to an EX Series Switch 1

2 Overview and Topology Figure 1: Topology for Configuration

Table 1: Components of the Topology Property Switch hardware VLAN name One RADIUS server Settings EX4200 access switch, 24 Gigabit Ethernet ports: 8 PoE ports (ge-0/0/0 through ge-0/0/7) and 16 non-poe ports (ge-0/0/8 through ge-0/0/23) default Backend database with an address of 10.0.0.100 connected to the switch at port ge-0/0/10 In this example, connect the RADIUS server to access port ge-0/0/10 on the EX4200 switch. The switch acts as the authenticator and forwards credentials from the supplicant to the user database on the RADIUS server. You must configure connectivity between the EX4200 and the RADIUS server by specifying the address of the server and configuring the secret password. This information is configured in an access profile on the switch. NOTE: For more information about authentication, authorization, and accounting (AAA) services, please see the JUNOS Software System Basics Configuration Guide at http://www.juniper.net/techpubs/software/junos/. Configuration CLI Quick Configuration To quickly connect the RADIUS server to the switch, copy the following commands and paste them into the switch terminal window: Step-by-Step Procedure [edit] set access radius-server 10.0.0.100 secret juniper set access profile profile1 authentication-order radius set access profile profile1 radius authentication-server 10.0.0.100 10.2.14.200 To connect the RADIUS server to the switch: 1. Define the address of the server, and configure the secret password. The secret password on the switch must match the secret password on the server: [edit access] user@switch# set radius-server 10.0.0.100 secret juniper 2. Configure the authentication order, making radius the first method of authentication: [edit access profile] user@switch# set profile1 authentication-order radius 3. Configure a list of server IP addresses to be tried in order to authenticate the supplicant: Configuration 3

[edit access profile] user@switch# set profile1 radius authentication-server 10.0.0.100 10.2.14.200 Results Display the results of the configuration: user@switch> show configuration access radius-server { 10.0.0.100 port 1812; secret "$9$qPT3ApBSrv69rvWLVb.P5"; ## SECRET-DATA profile profile1{ authentication-order radius; radius { authentication-server 10.0.0.100 10.2.14.200; Verification To confirm that the configuration is working properly, perform these tasks: Verify That the Switch and RADIUS Server are Properly Connected on page 4 Purpose Verify That the Switch and RADIUS Server are Properly Connected Verify that the RADIUS server is connected to the switch on the specified port. Action Ping the RADIUS server to verify the connection between the switch and the server: user@switch> ping 10.0.0.100 PING 10.0.0.100 (10.0.0.100): 56 data bytes 64 bytes from 10.93.15.218: icmp_seq=0 ttl=64 time=9.734 ms 64 bytes from 10.93.15.218: icmp_seq=1 ttl=64 time=0.228 ms Meaning ICMP echo request packets are sent from the switch to the target server at 10.0.0.100 to test whether it is reachable across the IP network. ICMP echo responses are being returned from the server, verifying that the switch and the server are connected. Related Topics Example: Setting Up 802.1X for Single Supplicant or Multiple Supplicant Configurations on an EX Series Switch Example: Setting Up 802.1X in Conference Rooms to Provide Internet Access to Corporate Visitors on an EX Series Switch Example: Setting Up VoIP with 802.1X and LLDP-MED on an EX Series Switch 4 Verification

Configuring 802.1X RADIUS Accounting (CLI Procedure) Filtering 802.1X Supplicants Using RADIUS Server Attributes Published: 2009-08-05 Verify That the Switch and RADIUS Server are Properly Connected 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information