Switching

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.
  • 1.  Question on 802.1X authentication

     
    Posted 04-17-2022 07:48

    Hi.

     

    I am learning about 802.1X and have a question on what it looks like in practice (since I don't have a lab).

     

    Let's say I connect my Macbook directly to an 802.1X port on a Juniper switch.

     

    1: When I receive and EAPoL request, how will I be entering my credentials? Will I be using a special 802.1X application on my Macbook?

    2: Are both the username and password entered in response to the first EAPoL Request,  or is the username sent in response to the initial EAPoL request and the password entered in response to a separate EAPoL Challenge message from the switch port?

     

    Thanks,

    Deepak


    Juniper Business Use Only



  • 2.  RE: Question on 802.1X authentication
    Best Answer

    Posted 04-18-2022 05:31
    Hi  

    To authenticate through 802.1X, supplicants require 802.1X client software. Some operating systems include an 802.1X client by default --  for mac OS see below:  
    https://support.apple.com/guide/deployment/connect-to-8021x-networks-depabc994b84/web 
    https://support.apple.com/en-us/HT207431 

    Now when an authenticator receives authentication requests from a supplicant, those requests are received as EAPOL messages (EAPOL-start ---- EAP request / identity -- EAP Response / Identity). The authenticator extracts and relays the identity information, found within the EAPOL message, to the authentication server as a RADIUS access request. the authenticator does not evaluate the supplicant's credentials, but simply relays that information to the authenticating server in an understandable format. 

    Hope this helps!  
    Esteban / PV