Supported Platforms
Related Documentation
- EX, QFX Series
- VSA Match Conditions and Actions
- QFX Series
- Configuring Firewall Filters
- Configuring RADIUS Authentication
Understanding VSAs on the QFX Series
The Juniper Networks QFX Series products support the configuration of RADIUS server attributes specific to Juniper Networks. These attributes are known as vendor-specific attributes (VSAs) and are described in RFC 2138, Remote Authentication Dial In User Service (RADIUS).
Through VSAs, you can configure port-filtering attributes on the RADIUS server. VSAs are cleartext fields sent from the RADIUS server to the switch as a result of authentication success or failure. Authentication prevents unauthorized user access by blocking a supplicant at the port until the device is authenticated by the RADIUS server. The VSA attributes are interpreted by the switch during authentication, and the switch takes appropriate actions. Implementing port-filtering attributes with authentication on the RADIUS server provides a central location for controlling LAN access for supplicants.
These port-filtering attributes specific to Juniper Networks are encapsulated in a RADIUS server VSA with the vendor ID set to the Juniper Networks ID number, 2636.
As well as configuring port-filtering attributes through VSAs, you can apply a port firewall filter that has already been configured on the switch directly to the RADIUS server. Like port-filtering attributes, the filter is applied during the authentication process, and its actions are applied at the switch port. Adding a port firewall filter to a RADIUS server eliminates the need to add the filter to multiple ports and switches.
Related Documentation
- EX, QFX Series
- VSA Match Conditions and Actions
- QFX Series
- Configuring Firewall Filters
- Configuring RADIUS Authentication
Published: 2013-01-23
Supported Platforms
Related Documentation
- EX, QFX Series
- VSA Match Conditions and Actions
- QFX Series
- Configuring Firewall Filters
- Configuring RADIUS Authentication
