Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Understanding 802.1X on a Junos Fusion Enterprise

This topic describes 802.1X in a Junos Fusion Enterprise.

802.1X is an IEEE standard for port-based network access control (PNAC). It provides an authentication mechanism for devices seeking to access a LAN. The 802.1X authentication feature is based upon the IEEE 802.1X standard Port-Based Network Access Control.

The range of 802.1X configuration options are beyond the scope of this document. For additional information on 802.1X, see 802.1X for Switches Overview and the Access Control User Guide for EX9200 Switches.

The following requirements should be understood when configuring 802.1X for a Junos Fusion Enterprise:

  • The authentication server cannot connect to the Junos Fusion Enterprise through an extended port.

  • 802.1X configuration must match on both aggregation devices in a Junos Fusion Enterprise. 802.1X , therefore, should typically be configured using configuration groups that are applied to both aggregation devices using commit synchronization. See Understanding Configuration Synchronization in a Junos Fusion and Enabling Configuration Synchronization Between Aggregation Devices in a Junos Fusion.

  • 802.1X control is handled by either aggregation device on a per-session basis. Either aggregation device can act as the primary device for 802.1X control for any 802.1X session. If traffic flow through one aggregation device is disrupted during an 802.1X session, the 802.1X session may be interrupted and control could be transferred to the other aggregation device.

  • A captive portal cannot be configured on an extended port.

See Enabling 802.1X in the Enabling Junos Fusion Enterprise on an Enterprise Campus Network document for an example of 802.1X configuration on a Junos Fusion Enterprise.