Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Understanding Guest VLANs for 802.1X on MX Series Routers in Enhanced LAN Mode

Starting with Junos OS Release 14.2, guest VLANs can be configured on switches that are using 802.1X authentication to provide limited access—typically only to the Internet—for:

  • Corporate guests

  • End devices that are not 802.1X-enabled

  • Nonresponsive end devices when MAC RADIUS authentication has not been configured on the switch interfaces to which the hosts are connected

A guest VLAN is not used for supplicants sending incorrect credentials. Those supplicants are directed to the server-reject VLAN instead.

For end devices that are not 802.1X-enabled, a guest VLAN can allow limited access to a server from which the non-802.1X-enabled end device can download the supplicant software and attempt authentication again.

A guest VLAN is not used when MAC RADIUS authentication has been configured on the switch interfaces to which the hosts are connected. Some end devices, such as a printer, cannot be enabled for 802.1X. The hosts for such devices should be connected to switch interfaces that are configured for MAC RADIUS authentication.

Change History Table

Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.

Release
Description
14.2
Starting with Junos OS Release 14.2, guest VLANs can be configured on switches that are using 802.1X authentication to provide limited access—typically only to the Internet