08-10-2009 11:00 AM - edited 08-16-2009 01:32 AM
Req: Implement IC4000 in campus network (across all branch offices) with Active Directory.
1. Have only a single IC box (without IE).
2. Have approx 4 branch offices with a single AD server at the Corp. office and all edge switches are Nortel make and 802.1x compatible. All offices are interconnected using Point-Point links.
3. Each branch office network is independent and does not have any VLANs extended to branch.
4. User types are employees and visitors. Employees should get access to the LAN (e.g. VLAN-10) if authenticated and compliant with the policies, else be placed in a remediation VLAN (e.g. VLAN-100); visitors, irrespective of compliance / non-compliance, are to be placed in a visitor VLAN (e.g. VLAN-200).
Please let me know if this is workable and steps to configure it.
08-17-2009 12:40 AM
Your scenario is definitely workable. You might want to check the Administration Guide from Juniper, as it is really well written: http://www.juniper.net/techpubs/software/uac/3.0/
In your case, I would check chapter 4, called "The UAC RADIUS Server and Layer 2 Access". You might also want to check chapter 10 about remediation.