02-29-2012 07:27 AM
I am testing deployment options for UAC. I am able to configure UAC to work with Juniper and Cisco switches, to switch non-802.1x clients to the guest VLAN, and to handle my authorized 802.1x Windows machine with the open port action.
When I test the case where a non-authorized 802.1x-aware client connects to the port, I see authentication failure information in the user access logs, as the credentials cannot match any realm. Authentication fails, and the port is not able to switch to the guest VLAN.
Is there any way to create a realm to catch those clients that fail authentication? I have tried anonymous, but without success.
02-29-2012 06:45 PM
1. You can configure MAC-Auth-Bypass on the switch, and create a mac-auth realm in IC to authenticate Guest users.
2. You can configure an Auth-Fail VLAN on the switch and force the clients into a particular VLAN.
3. If there is any RADIUS attribute in the RADIUS request packet that is unique to Guest access, then we can create RADIUS request policies in IC and do anonymous authentication.
You can choose any of the above.
Note: You could mark this post as 'accepted solution' if this answers your question; that way it might help others as well. A kudo would be a bonus, thanks!!
03-08-2012 02:26 AM
The third option that I mentioned in my earlier reply would allow IC to send VLAN attributes.
Maybe based on the client's MAC address, NAS-Port or any other RADIUS attribute, you can filter and do anonymous authentication.
03-08-2012 02:52 AM
You could do realm selection based on EAP-Type as well.