Regular Visitor
lalith_k
Posts: 8
Registered: ‎11-11-2009

Need to Setup Guest User Access using Juniper IC4500 and EX3200 Series switches

Hi All,

 

I have been trying to set up guest user access using a local user database on the IC4500. We have configured 802.1x on the EX series switch ports and are using a Windows AD server. Whenever a user connects to the network, the Odyssey Access Client software prompts for a password, and once the same is supplied the user gets assigned to the specified VLAN.

I'm trying the same for guest user access, however with a captive portal scenario where the user logs in with a provided username and password and gets access only to the Internet.

We also have a Juniper SRX 650 acting as a firewall.

 

Can anyone help me in setting up the above mentioned scenario?

 

Regards,

Lalit

Super Contributor
apaul
Posts: 153
Registered: ‎11-06-2009

Re: Need to Setup Guest User Access using Juniper IC4500 and EX3200 Series switches

Captive portal with IC and SRX is well documented in the UAC documentation.

You can refer to the IC Interoperability with the Junos Enforcer guide:

http://www.juniper.net/techpubs/software/uac/4.1xguides/j-ic-uac-4.1-junosenforcers.pdf

Chapter 4 deals with captive portal.

Hope that helps

Ashish Paul
Regular Visitor
lalith_k
Posts: 8
Registered: ‎11-11-2009

Re: Need to Setup Guest User Access using Juniper IC4500 and EX3200 Series switches

Hi Ashish,

 

Thank you very much for the document, which throws light on the captive portal configuration on the enforcer. However, I would like to understand the following:

1) Users to connect on the Juniper EX3200 switch for access.

2) User gets assigned to a red VLAN and is prompted for authentication.

   - Post successful authentication, the user gets assigned to the respective VLAN if OAC is installed on the PC (authorized users).

   - Guest users to be redirected to a captive portal and credentials to be verified against the local user database configured on the IC. Once authenticated, the user gets assigned to the Guest VLAN.

3) Guest users' access would be limited to HTTP / HTTPS traffic on the firewall.

4) Juniper SRX 650 acting as firewall can be used as Infranet Enforcer.

Questions / Queries

---------------------------

1) Users to get IP address from Red VLAN ( not possible without DOT1X)

2) Do I need to have DOT1X configured on all the ports of the switch for the above-mentioned scenario?

Regards,

Lalit

Super Contributor
apaul
Posts: 153
Registered: ‎11-06-2009

Re: Need to Setup Guest User Access using Juniper IC4500 and EX3200 Series switches

Hi Lalith,

 

I am not a solution expert, and especially since the below scenario includes multiple devices.

So I will not know whether this is the best way to implement your requirement.

However, your steps seem OK to me, definitely from the IC standpoint, and dot1x seems to me to be a requirement on all ports.

Thanks

Ashish Paul
Regular Visitor
lalith_k
Posts: 8
Registered: ‎11-11-2009

Re: Need to Setup Guest User Access using Juniper IC4500 and EX3200 Series switches

Thanks, Ashish, for the reply... I will try the same and update you once the same is resolved.
