Security

Reply
Occasional Contributor I

Re: has anyone every gotten the radius attribute Juniper-Switching-Filter to work?

WIth the help of Juniper I got one match statement to load.

 

The upper/lower case was very very important.  The "M", "D" & "A" all had to be caps, the "d" in deny needed to be lower case.

 

"Match Destination-ip 0.0.0.0/24 Action allow"

 

Screen Shot 2014-04-14 at 2.35.18 PM.png

 

The filter is not working for me at this point it seems like I do not have any connectivity.

 

Also, I have not been able to get mulitply VSA's loaded yet.

 

Stay tuned.

 

Chris

 

 

Super Contributor I

Re: has anyone every gotten the radius attribute Juniper-Switching-Filter to work?

Hi Chris,

 

I actually opened a JTAC case on this issue yesterday. I'll let you know when I get something to work, as well.


-Mike

Super Contributor I

Re: has anyone every gotten the radius attribute Juniper-Switching-Filter to work?

Hi Chris,


You mentioned that you were able to get it to work. Do you have a screen capture of that? I tried the following:

 

Radius:Juniper - Juniper-Switching-Filter - "Match Destination-ip 8.8.8.8/32 Action deny"

 

without any luck. I just uploaded a set of traceoptions to JTAC for their analysis on the above and for some hopeful guidance. I'll let you know if / when I hear anything.

 

Thanks!

 

-Mike

 

Super Contributor I

Re: has anyone every gotten the radius attribute Juniper-Switching-Filter to work?

Hi Chris,

 

I think this is going to be a longer term issue with Juniper. I think this is something that will be addressed in a future release. I'll update this post when / if I hear back. I wouldn't hold your breath at this point.

 

Sorry, I'm sure you were hoping for better news.

 

-Mike

Re: has anyone every gotten the radius attribute Juniper-Switching-Filter to work?

Curious...is there an update to this?

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Super Contributor I

Re: has anyone every gotten the radius attribute Juniper-Switching-Filter to work?

Hi Seth,

 

Juniper is working to address this issue in a software release. I haven't heard an ETA for it. My guess is the new partnership with Aruba should help to integrate their EX line with Clearpass. I'll reach back out to them to see if I can find out some new information.

 

-Mike

Occasional Contributor II

Re: has anyone every gotten the radius attribute Juniper-Switching-Filter to work?

Hello boston1630 

 

Can you please share with us the configuration you used to get 802.1x with a dynamic firewall via the Filter-ID sent from Clearpass?

 

 

Thanks

Super Contributor I

Re: has anyone every gotten the radius attribute Juniper-Switching-Filter to work?

Hi Raj07,

 

I opened a JTAC case on this issue and there hasn't been any movement on it. Sorry, I don't think this is possible at this point.

 

-Mike

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: