UAC 802.1x for failed authen client?

zerofai · ‎06-02-2011

Hi all,

I am testing deployment option for UAC. I am able to configure UAC to work with Juniper and Cisco switch, and switch non 802.1x client to guest VLAN, and my authorized 802.1x Windows machine with open port action.

When I test the case that a non authorized 802.1x aware client connect to the port, I see authentication fail information from user access logs, as the credential cannot match any realms. And authentication failed, the port not able to switch to Guest VLAN.

Is there anyway to create a realms to catch those failed authen client? I have try anonymous but not success.

Please advise!

Cheers,
Fai

Raveen · ‎04-15-2010

1. You can configure MAC-Auth-Bypass in the switch, and create a mac-auth realm in IC to authenticate Guest users.

2. You can configure Auth-Fail VLAN in switch and enforce the clients to a particular VLAN.

3. If there be any radius-attribute in Radius-request packet that is unique to the Guest access, then we can create Radius request policies in IC and do anonymous authentication.

You can choose either of the above.

Note: You could mark this post as 'accepted solution' if this answers your question that way it might help others as well, a kudo would be a bonus thanks!!

zerofai · ‎06-02-2011

Hi Raveen, Thanks, so there is no method to specify a VLAN for failed authen client? As I see this option in other vendor products. Regards, Fai

Raveen · ‎04-15-2010

The third option that I mentioned in my earlier reply would allow IC to send VLAN attributes.

May be based on client's mac-address or nas-port or any other radius-attribute you can filter and do anonymous authentication.

Regards,

Raveen

Raveen · ‎04-15-2010

You could do realm slection based on EAP-Type as well.

Regards,

Raveen

UAC 802.1x for failed authen client?

Re: UAC 802.1x for failed authen client?

Re: UAC 802.1x for failed authen client?

Re: UAC 802.1x for failed authen client?

Re: UAC 802.1x for failed authen client?