Ethernet Switching
Highlighted
Ethernet Switching

802.1X Question

‎01-28-2020 06:00 AM

Is there a command simlar to Cisco IOS "authentication open" that can be applied to a EX4300 interface?

3 REPLIES 3
Highlighted
Ethernet Switching

Re: 802.1X Question

‎01-28-2020 06:08 AM

Hello,

 

is this something that helps you?

https://kb.juniper.net/InfoCenter/index?page=content&id=KB11429

--------------------------------------------------

If this solves your problem, please mark this post as "Accepted Solution".
If you think that my answer was helpful, please spend some Kudos.
Highlighted
Ethernet Switching

Re: 802.1X Question

‎05-29-2020 08:31 AM

Hi Marmour,

 

If I understood the question correctly, you are looking for next command:

user@switch# set interface interface-name persistent-learning

 

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/understanding_and_using_persisten...

 

Thanks,

Deimos.

Highlighted
Ethernet Switching

Re: 802.1X Question

‎05-29-2020 11:43 AM

Hi Marmour, 

 

So if I understood correctly, you want to bypass dot1x using Open Auth , according to Cisco Docs, one of the requirements is to have Radius, so I would say "mac-radius restrict" is the command you need, by disabling dot1x and allowing mac-radius to authenticate the user mac address.

 

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_8021x/configuration/xe-3se/3650/sec-user-8...

IEEE 802.1X Open Authentication allows a host to have network access without having to go through IEEE 802.1X authentication. Open authentication is useful in an applications such as the Preboot Execution Environment (PXE), where a device must access the network to download a bootable image containing an authentication client.

 

 

root@test# set protocols dot1x authenticator interface all mac-radius ?
Possible completions:
<[Enter]> Execute this command
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> authentication-protocol Set mac-radius authentication method
flap-on-disconnect Reset an interface on receiving a disconnect request
ignore-port-bounce To ignore the port-bounce request received from RADIUS server
restrict Bypass dot1x authentication, use MAC RADIUS only   >>> 
| Pipe through a command
{master:0}[edit]
root@test# set protocols dot1x authenticator interface all mac-radius restrict   >>> 

 

If this solves your problem, please mark this post as "Accepted Solution".

If you think that my answer was helpful, please spend some Kudos.

 

Thank you,

Franky