
EX33/EX34 - Dot1x - server-reject-vlan with EAPOL Block doesn't trigger


    Posted 08-17-2023 09:20

    Hello!

    We have about 130 EX3400 and EX3300 switches configured with dot1x and have for a long time had issues with guests trying to connect with Ethernet in our offices.
    After the client has connected and the switch has sent the authentication to the WS RADIUS NPS server, it gets an accept-reject and the host gets put on a guest VLAN.

    Once this happens, the reauthentication timer, which is currently set at 1 hour, starts counting down. However, the client keeps sending new EAPOL START, which triggers the flow to happen once more. This happens every 10 minutes, and I would like to use the 'eapol-block' to ignore these messages and only use the reauthentication timer.

    Dot1x Configuration:

    Dot1x interface information:

    The EX3400 in question that is running this configuration has the latest JTAC recommended SP release 21.4R3-S3.4.

    Any help or input on how I can further troubleshoot why it doesn't trigger would be much appreciated. Please let me know if more information is needed.

    //Andreas



    ------------------------------
    Andreas
    ------------------------------