https://community.cisco.com/t5/network-access-control/guest-redirection-using-a-non-cisco-switch/m-p/3760527#M487462 <P>It turns out that Juniper does not support CWA on 4200EX series of switches.</P> <P>The tested switch from Cisco is 3200 series.</P> <P>The&nbsp;list is&nbsp;provided below in the document from Juniper:&nbsp;<A href="https://apps.juniper.net/feature-explorer/feature-info.html?fKey=7084&amp;fn=Central%20Web%20authentication " target="_self">here</A></P> Mon, 10 Dec 2018 13:03:10 GMT dgaikwad 2018-12-10T13:03:10Z https://community.cisco.com/t5/network-access-control/guest-redirection-using-a-non-cisco-switch/m-p/3758779#M487445 <P>Hi Experts,</P> <P>We are using&nbsp;a third party NADs (Juniper 4200EX) in our environment and want to work with wired guest redirection on these NADs.</P> <P>Using the third party NAD profile provided by the community, I am able to get the following use cases working:</P> <OL> <LI>dot1x</LI> <LI>posture</LI> <LI>VLAN change and assignment</LI> <LI>dACL assignment</LI> </OL> <P>I see that its not supported with the Juniper switch NAD profile and asking for to configure authentication VLAN for the same.</P> <P>There are some queries with the this configuration:</P> <UL> <LI>Only one NAD profile could be used per NAD, then is there a way to keep the dot1x and guest redirection separate?</LI> <LI>Would I need to make this change for the other NADs as well, which are working fine on a third party AND profiles from <A href="https://community.cisco.com/t5/security-documents/ise-third-party-nad-profiles-and-configs/ta-p/3648719" target="_self">here</A>?</LI> </UL> Thu, 06 Dec 2018 08:09:19 GMT https://community.cisco.com/t5/network-access-control/guest-redirection-using-a-non-cisco-switch/m-p/3758779#M487445 dgaikwad 2018-12-06T08:09:19Z https://community.cisco.com/t5/network-access-control/guest-redirection-using-a-non-cisco-switch/m-p/3759770#M487447 May i know what you meant when you said "I see that its not supported with the Juniper switch NAD profile and asking for to configure authentication VLAN for the same." ?<BR /><BR />It looks like Juniper does support redirect-URLs and you can combine with firewall filter to restrict access just like Cisco switches use redirect url, redirect ACLs/dACLs.<BR /><BR />Apparently you can use the JNPR_RSVD_FILTER_CWA filter, sent using the standard RADIUS Filter-ID attribute to limit the access and use Juniper-CWA-Redirect-URL VSA and set the value as the redirect URL.<BR /><BR />More info here:<BR /><A href="https://www.juniper.net/documentation/en_US/release-independent/nce/topics/concept/nce160-aruba-guest-access-technical-overview.html" target="_blank">https://www.juniper.net/documentation/en_US/release-independent/nce/topics/concept/nce160-aruba-guest-access-technical-overview.html</A><BR /><BR />I personally have never tried this and this is me just trying to help. Fri, 07 Dec 2018 19:32:54 GMT https://community.cisco.com/t5/network-access-control/guest-redirection-using-a-non-cisco-switch/m-p/3759770#M487447 Surendra 2018-12-07T19:32:54Z https://community.cisco.com/t5/network-access-control/guest-redirection-using-a-non-cisco-switch/m-p/3759773#M487450 I would recommend working through the TAC as well. I am not sure of the issue exactly and need more detail. If the Juniper doesn’t support redirection you can look at the authentication VLAN feature.<BR /><A href="https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_01001.html#concept_CDD87F6FE3A54351B27FF35316A23DA3" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_01001.html#concept_CDD87F6FE3A54351B27FF35316A23DA3</A><BR /><BR />The 3300 was tested to work, other comparable platforms should then work.<BR /><A href="https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/compatibility/b_ise_sdt_24.html#thirdpartyaccessswitches" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/compatibility/b_ise_sdt_24.html#thirdpartyaccessswitches</A><BR /><BR />when I google ise juniper guest found a lot of information, one that stood out is this one<BR /><A href="https://community.cisco.com/t5/identity-services-engine-ise/integrating-a-juniper-switch-with-ise-2-3/td-p/3685582" target="_blank">https://community.cisco.com/t5/identity-services-engine-ise/integrating-a-juniper-switch-with-ise-2-3/td-p/3685582</A><BR /> Fri, 07 Dec 2018 19:47:31 GMT https://community.cisco.com/t5/network-access-control/guest-redirection-using-a-non-cisco-switch/m-p/3759773#M487450 Jason Kunst 2018-12-07T19:47:31Z https://community.cisco.com/t5/network-access-control/guest-redirection-using-a-non-cisco-switch/m-p/3760527#M487462 <P>It turns out that Juniper does not support CWA on 4200EX series of switches.</P> <P>The tested switch from Cisco is 3200 series.</P> <P>The&nbsp;list is&nbsp;provided below in the document from Juniper:&nbsp;<A href="https://apps.juniper.net/feature-explorer/feature-info.html?fKey=7084&amp;fn=Central%20Web%20authentication " target="_self">here</A></P> Mon, 10 Dec 2018 13:03:10 GMT https://community.cisco.com/t5/network-access-control/guest-redirection-using-a-non-cisco-switch/m-p/3760527#M487462 dgaikwad 2018-12-10T13:03:10Z