Junos OS

Ask questions and share experiences about Junos OS.
  • 1.  Juniper ex2300 RADIUS MAC

    Posted 12-23-2022 05:58

    I'm trying to configure dynamic VLANs with MAC address on a RADIUS server.

    This is my current config:

    dot1x {
        authenticator {
            authentication-profile-name profile1;
            radius-reachability {
                query-period 20;
            }
            radius-options {
                use-vlan-id;
            }
            interface {
                ge-0/0/0.0 {            
                    retries 10;
                    quiet-period 0;
                    transmit-period 2;
                    mac-radius {
                        restrict;
                    }
                    no-reauthentication;
                    server-timeout 5;
                    server-reject-vlan vlan0081;
                    server-fail vlan-name vlan0081;
                }
            }
        }
    }
    

    My current problem is that for some reason I don't understand, it takes around 2 minutes for the PCs to be placed on the correct VLAN [tested on Mac, Windows, and Linux]. Before that, they get placed on my "server reject/server fail" VLAN [and I don't have a guest VLAN configured].

    I captured the traffic using Wireshark on my RADIUS server, and less than 1 second after connecting the host to the switch, the RADIUS server is replying with an "accept" and the correct VLAN ID. This makes me think it's a problem with my switch configuration…

    Has anyone come across this issue before? Does someone know how to fix it?



    ------------------------------
    Samuel
    ------------------------------