- play_arrow Working With Network Director
- play_arrow About Network Director
- play_arrow Installing Network Director
- play_arrow Accessing Network Director
- play_arrow Understanding Network Director System Administration and Preferences
- play_arrow Getting Started with Network Director
-
- play_arrow Working with the Dashboard
- play_arrow About the Dashboard
- play_arrow Using the Dashboard
- play_arrow Dashboard Widget Reference
-
- play_arrow Working in Deploy Mode
- play_arrow About Deploy Mode
- play_arrow Deploying and Managing Device Configurations
- Deploying Configuration to Devices
- Managing Configuration Deployment Jobs
- Deploy Configuration Window
- Importing Configuration Data from Junos OS Configuration Groups
- Enabling High-Frequency Traffic Statistics Monitoring on Devices
- Configuring Network Traffic Analysis
- Approving Change Requests
- Enabling SNMP Categories and Setting Trap Destinations
- Understanding Resynchronization of Device Configuration
- Resynchronizing Device Configuration
- Managing Device Configuration Files
- Creating and Managing Baseline of Device Configuration Files
- play_arrow Deploying and Managing Software Images
- play_arrow Managing Devices
- play_arrow Setting Up Zero Touch Provisioning for Devices
-
- play_arrow Monitoring Devices and Traffic
- play_arrow About Monitor Mode
- play_arrow Monitoring Traffic
- play_arrow Monitoring Client Sessions
- play_arrow Monitoring Devices
- play_arrow Monitoring and Analyzing Fabrics
- play_arrow Monitoring Virtual Networks
- play_arrow General Monitoring
- play_arrow Monitor Reference
- 802.11 Packet Errors Monitor
- Access vs. Uplink Port Utilization Trend Monitor
- Current Sessions Monitor
- Current Sessions by Type Monitor
- Error Trend Monitor
- Equipment Summary By Type Monitor
- Node Device Summary Monitor
- Port Status Monitor
- Port Status for IP Fabric Monitor
- Port Utilization Monitor
- Power Supply and Fan Status Monitor
- Resource Utilization Monitor for Switches, Routers, and Virtual Chassis
- Status Monitor for Junos Fusion Systems
- Status Monitor for Layer 3 Fabrics
- Status Monitor for Switches and Routers
- Status Monitor for Virtual Chassis
- Status Monitor for Virtual Chassis Members
- Top Talker - Wired Devices Monitor
- Traffic Trend Monitor
- Unicast vs Broadcast/Multicast Monitor
- Unicast vs Broadcast/Multicast Trend Monitor
- User Session Details Window
- Virtual Chassis Topology Monitor
- VC Equipment Summary By Type Monitor
-
- play_arrow Using Fault Mode
- play_arrow About Fault Mode
- play_arrow Using Fault Mode
- play_arrow Fault Reference
-
- play_arrow Working in Report Mode
- play_arrow About Report Mode
- play_arrow Creating and Managing Reports
- play_arrow Report Reference
-
- play_arrow Working with Network Director Mobile
- play_arrow About Network Director Mobile
- play_arrow Getting Started with Network Director Mobile
- play_arrow Working in the Network Director Mobile Dashboard Mode
- play_arrow Working in the Network Director Mobile Devices Mode
-
Understanding Authentication Profiles
Authentication profiles include the authentication method and authentication parameters to be used for client authentication. Available authentication methods are 802.1X (dot1x), MAC-RADIUS, captive portal, and last-resort. 802.1X is the default authentication method for all device types but you can change this or add additional authentication types. If you configure multiple authentication methods on a single interface, the system tries the first method listed and then falls back to another method if the first method is unsuccessful.
You can create one or more Authentication profiles to specify different authentication methods based on client devices or sessions.
Each Authentication profile is specific to a device family. After you create an Authentication profile, you can include it in a Port profile. The Authentication profile specified in a Port profile is used to authenticate all the users and devices that connect to the port.
802.1X Authentication
Newer equipment supports the IEE standard called 802.1X. 802.1X is basically an Enterprise, per-user (username and password) authentication mechanism – it is both the newest and strongest authentication you can use. Since 802.1X authentication is the most secure authentication option, it is preferable to the older PSK authentication, Web Portals, MAC authentication, or open authentication, which really means no authentication.
802.1X authentication involves three entities, a supplicant, an authenticator, and an authentication server. The supplicant is a client device, such as a laptop, that wishes to attach to a network. The authenticator would be a switch. The authentication server is usually a RADIUS server, which can interpret 802.1X EAP modes.
Single supplicant mode authenticates only the first end device that connects to an authenticator port. All other end devices connecting to the authenticator port after the first has connected successfully, whether they are 802.1X-enabled or not, are permitted free access to the port without further authentication. If the first authenticated end device logs out, all other end devices are locked out until an end device authenticates.
Single-secure supplicant mode authenticates only one end device to connect to an authenticator port. No other end device can connect to the authenticator port until the first logs out.
Multiple supplicant mode authenticates multiple end devices individually on one authenticator port. If you configure a maximum number of devices that can be connected to a port through port security, the lesser of the configured values is used to determine the maximum number of end devices allowed per port.
MAC RADIUS Authentication
A media access control address (MAC address) is a unique identifier assigned to network interfaces for communications on the physical network segment. MAC addresses are used as a network address for most IEEE 802 network technologies, including Ethernet. A client’s MAC address can be used for authentication by mapping a password to the client’s entry in the MAC address table. MAC authentication can be done either locally or with a RADIUS server.
Captive Portal Authentication
Captive Portals are frequently used to authenticate hotspots, forcing all users to use the configured logon web page. Many companies use captive portals to authenticate guest users for temporary use of the company network. The Captive Portal has one password for all users, which should be changed frequently.