- play_arrow Login Classes and Login Settings
- play_arrow User Accounts
- play_arrow Passwords for User Access
- play_arrow Trusted Platform Module
- play_arrow User Authentication
- play_arrow Remote Access Management
- play_arrow Access Control
- Access Control Authentication Methods
- Preventing Unauthorized Access to EX Series Switches Using Unattended Mode for U-Boot
- Preventing Unauthorized Access to EX Series Switches Using Unattended Mode for U-Boot
- RADIUS Server Configuration for Authentication
- RADIUS over TLS (RADSEC)
- 802.1X Authentication
- MAC RADIUS Authentication
- Service-Type Attribute and Jumbo Frame Handling Overview
- 802.1X and RADIUS Accounting
- Example: Setting Up 802.1X for Single-Supplicant or Multiple-Supplicant Configurations on an EX Series Switch
- Example: Setting Up 802.1X in Conference Rooms to Provide Internet Access to Corporate Visitors on an EX Series Switch
- Interfaces Enabled for 802.1X or MAC RADIUS Authentication
- Static MAC Bypass of 802.1X and MAC RADIUS Authentication
- Configuring PEAP for MAC RADIUS Authentication
- Captive Portal Authentication
- Flexible Authentication Order on EX Series Switches
- Server Fail Fallback and Authentication
- Authentication Session Timeout
- Central Web Authentication
- Dynamic VLAN Assignment for Colorless Ports
- VoIP on EX Series Switches
- play_arrow Configuring IEEE 802.1x Port-Based Network Access Control
- play_arrow Device Discovery
- play_arrow Domain Name Security
- play_arrow Permission Flags
- access
- access-control
- admin
- admin-control
- all
- clear
- configure
- control
- field
- firewall
- firewall-control
- floppy
- flow-tap
- flow-tap-control
- flow-tap-operation
- idp-profiler-operation
- interface
- interface-control
- maintenance
- network
- pgcp-session-mirroring
- pgcp-session-mirroring-control
- reset
- rollback
- routing
- routing-control
- secret
- secret-control
- security
- security-control
- shell
- snmp
- snmp-control
- system
- system-control
- trace
- trace-control
- view
- view-configuration
- play_arrow Configuration Statements and Operational Commands
Understanding 802.1X and VoIP on MX Series Routers in Enhanced LAN Mode
When you use Voice over IP (VoIP), you can connect IP telephones to the router and configure IEEE 802.1X authentication for 802.1X-compatible IP telephones. Starting with Junos OS Release 14.2, 802.1X authentication provides network edge security, protecting Ethernet LANs from unauthorized user access.
VoIP is a protocol used for the transmission of voice through packet-switched networks. VoIP transmits voice calls using a network connection instead of an analog phone line.
When VoIP is used with 802.1X, the RADIUS server authenticates the phone, and Link Layer Discovery Protocol–Media Endpoint Discovery (LLDP-MED) provides the class-of-service (CoS) parameters to the phone.
You can configure 802.1X authentication to work with VoIP in multiple supplicant or single supplicant mode. In multiple-supplicant mode, the 802.1X process allows multiple supplicants to connect to the interface. Each supplicant will be authenticated individually. For an example of a VoIP multiple supplicant topology, see Figure 1.
If an 802.1X-compatible IP telephone does not have an 802.1X host but has another 802.1X-compatible device connected to its data port, you can connect the phone to an interface in single-supplicant mode. In single-supplicant mode, the 802.1X process authenticates only the first supplicant. All other supplicants who connect later to the interface are allowed full access without any further authentication. They effectively “piggyback” on the first supplicant’s authentication. For an example of a VoIP single supplicant topology, see Figure 2 .
If an IP telephone does not support 802.1X, you can configure VoIP to bypass 802.1X and LLDP-MED and have the packets forwarded to a VoIP VLAN,
Change History Table
Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.
