Urgent help needed with ACS5.4 for Juniper SRX please
I agree, nothing ACS related, but I don't think you need anything on the ACS for this.
Which mode are you using?
supplicant single; #will authenticate the first device seen on the switch port, and open the port globally
supplicant single-secure; #will authenticate only the first device on the switch port and open the port for it, but will drop traffic for others @mac (to avoid an authenticated client behind a hub device, opening the port for many unauthicated clients, which is possible in “single” mode)
supplicant multiple; #will authenticate each client (on a @mac basis) separately. Each one can belon to a different vlan or have its specific options. Max limit is 8 devices per port actually on EX series.
mac-radius: Activate mac-radius authentication. If a device can’t answer EAPol “request identity” frames, the EX will forge a Radius access-request using @mac as username to authenticates the client (if the authentication is configured to accept this case). It is very usefull to authenticates IP Phones for example, or other devices like printers, IP cameras, who doesn’t have 802.1x functionnalities. Note that this mode is way more unsecure than a real 802.1X authentication.
The number of EAPol retries from EX before passing to mac-radius mode can be configured in “Protocols > Dot1x”
mac-radius restrict; #The mac-radius described will be used only, no EAPol frames will be send from EX to client, EX will takes client @mac an send a Radius access request with it as soon as he see the device.
I will see if I can help.
**Share your knowledge. It’s a way to achieve immortality. --Dalai Lama**
Please Rate if helpful. Regards Ed
**Share your knowledge. It’s a way to achieve immortality.
Please Rate if helpful.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...