- play_arrow Login Classes and Login Settings
- play_arrow User Accounts
- play_arrow Passwords for User Access
- play_arrow Trusted Platform Module
- play_arrow User Authentication
- play_arrow Remote Access Management
- play_arrow Access Control
- Access Control Authentication Methods
- Preventing Unauthorized Access to EX Series Switches Using Unattended Mode for U-Boot
- Preventing Unauthorized Access to EX Series Switches Using Unattended Mode for U-Boot
- RADIUS Server Configuration for Authentication
- 802.1X Authentication
- MAC RADIUS Authentication
- Service-Type Attribute and Jumbo Frame Handling Overview
- 802.1X and RADIUS Accounting
- Example: Setting Up 802.1X for Single-Supplicant or Multiple-Supplicant Configurations on an EX Series Switch
- Example: Setting Up 802.1X in Conference Rooms to Provide Internet Access to Corporate Visitors on an EX Series Switch
- Interfaces Enabled for 802.1X or MAC RADIUS Authentication
- Static MAC Bypass of 802.1X and MAC RADIUS Authentication
- Configuring PEAP for MAC RADIUS Authentication
- Captive Portal Authentication
- Flexible Authentication Order on EX Series Switches
- Server Fail Fallback and Authentication
- Authentication Session Timeout
- Central Web Authentication
- Dynamic VLAN Assignment for Colorless Ports
- VoIP on EX Series Switches
- play_arrow Configuring IEEE 802.1x Port-Based Network Access Control
- play_arrow Device Discovery
- play_arrow Domain Name Security
- play_arrow Permission Flags
- access
- access-control
- admin
- admin-control
- all
- clear
- configure
- control
- field
- firewall
- firewall-control
- floppy
- flow-tap
- flow-tap-control
- flow-tap-operation
- idp-profiler-operation
- interface
- interface-control
- maintenance
- network
- pgcp-session-mirroring
- pgcp-session-mirroring-control
- reset
- rollback
- routing
- routing-control
- secret
- secret-control
- security
- security-control
- shell
- snmp
- snmp-control
- system
- system-control
- trace
- trace-control
- view
- view-configuration
- play_arrow Configuration Statements and Operational Commands
Understanding 802.1X and LLDP and LLDP-MED on MX Series Routers in Enhanced LAN Mode
Starting with Junos OS Release 14.2, Juniper Networks MX Series routers use Link Layer Discovery Protocol (LLDP) and Link Layer Discovery Protocol–Media Endpoint Discovery (LLDP-MED) to learn and distribute device information on network links. The information allows the router to quickly identify a variety of devices, resulting in a LAN that interoperates smoothly and efficiently.
LLDP-capable devices transmit information in type, length, and value (TLV) messages to neighbor devices. Device information can include information such as chassis and port identification and system name and system capabilities. The TLVs leverage this information from parameters that have already been configured in the Juniper Networks Junos operating system (Junos OS).
LLDP-MED goes one step further than LLDP, exchanging IP-telephony messages between the router and the IP telephone.
LLDP and LLDP-MED also provide PoE power management capabilities. LLDP power negotiation allows the router to manage PoE power by negotiating with LLDP-enabled powered devices to dynamically allocate PoE power as needed. LLDP power priority allows an LLDP-enabled powered device to set the PoE power priority on the router interface to which it connects.
The router also uses these protocols to ensure that voice traffic gets tagged and prioritized with the correct values at the source itself. For example, 802.1p CoS and 802.1Q tag information can be sent to the IP telephone.
EX Series routeres support the following basic TLVs:
Chassis Identifier—The MAC address associated with the local system.
Note:The Chassis ID TLV has a subtype for Network Address Family. LLDP frames are validated only if this subtype has a value of 1 (IPv4) or 2 (IPv6). For any other value, the transmitting device is detected by LLDP as a neighbor and displayed in the output of the "show lldp neighbors" command, but is not assigned to the VLAN.
Port Identifier—The port identification for the specified port in the local system.
Port Description—Textual description of the interface or the logical unit. The description for the logical unit is used, if available; otherwise, the Port Description TLV will contain the description configured on the physical interface. For example, LAG member interfaces do not contain a logical unit, so only the description configured on the physical interface can be used.
System Name—The user-configured name of the local system. The system name can be a maximum of 256 characters.
System Description—The system description containing information about the software and current image running on the system. This information is not configurable, but taken from the software.
System Capabilities—The primary function performed by the system. The capabilities that system supports; for example, bridge or router. This information is not configurable, but based on the model of the product.
Management Address—The IPv4 or IPv6 management address of the local system.
EX Series routeres support the following 802.3 TLVs:
Power via MDI—A TLV that advertises MDI power support, PSE power pair, and power class information.
MAC/PHY Configuration Status—A TLV that advertises information about the physical interface, such as autonegotiation status and support and MAU type. The information is not configurable, but based on the physical interface structure.
Note:The MAC/PHY Configuration Status TLV has a subtype for the PMD Auto-Negotiation Advertised Capability field. This field will contain a value of
if the LLDP packet was transmitted from a 10-gigabit SFP+ port.Link Aggregation—A TLV that advertises if the port is aggregated and its aggregated port ID.
Maximum Frame Size—A TLV that advertises the Maximum Transmission Unit (MTU) of the interface sending LLDP frames.
Port Vlan—A TLV that advertises the VLAN name configured on the interface.
EX Series routeres support the following LLDP-MED TLVs:
LLDP MED Capabilities—A TLV that advertises the primary function of the port. The capabilities values range 0 through 15:
0— Capabilities
1— Network Policy
2— Location Identification
3— Extended Power via MDI-PSE
4— Inventory
5–15— Reserved
LLDP-MED Device Class Values:
0— Class not defined.
1— Class 1 Device.
2— Class 2 Device.
3— Class 3 Device.
4— Network Connectivity Device
5–255— Reserved.
Network Policy—A TLV that advertises the port VLAN configuration and associated Layer 2 and Layer 3 attributes. Attributes include the policy identifier, application types, such as voice or streaming video, 802.1Q VLAN tagging, and 802.1p priority bits and Diffserv code points.
Endpoint Location— A TLV that advertises the physical location of the endpoint.
Extended Power via MDI— A TLV that advertises the power type, power source, power priority, and power value of the port. It is the responsibility of the PSE device (network connectivity device) to advertise the power priority on a port.
Change History Table
Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.