Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Use Case Overview

Juniper Networks EX Series Ethernet Switches are designed to meet the demands of today’s high-performance businesses. They enable companies to grow their networks at their own pace, minimizing large up-front investments. Based on open standards, EX Series switches provide the carrier-class reliability, security risk management, virtualization, application control, and lower total cost of ownership (TCO) that businesses need today while allowing businesses to scale in an economically sensible way for years to come.

Aruba ClearPass Policy Manager is a policy management platform that provides role-based and device-based network access control (NAC) for any user across any wired, wireless, and VPN infrastructure. Enterprises with Aruba wireless infrastructure typically deploy Aruba ClearPass to provide NAC services for the wireless infrastructure. Enterprises that also deploy EX Series switches in these environments can leverage the extensive RADIUS capabilities on EX Series switches to integrate with Aruba ClearPass. This integration enables enterprises to deploy consistent security policies across their wired and wireless infrastructure.

Enterprises typically have a variety of users and endpoints, which results in multiple use cases that need to be addressed by their policy infrastructure. Depending on the type of endpoint and how it is being used, an endpoint might be authenticated by 802.1X authentication, MAC RADIUS authentication, or captive portal authentication. The policy infrastructure should enable any device to be connected to any port in the access switch and to be authenticated based on the capabilities of the device, the authorization level of the user, or both.

In this network configuration example, we show how to configure a Juniper Networks and Aruba ClearPass policy infrastructure for two use cases: authenticating an employee laptop using 802.1X PEAP authentication and authenticating a guest laptop using MAC RADIUS authentication.