
Integrating a Juniper switch with ISE 2.3

dgaikwad
Level 5

Hi Experts,

We are going to start integrating the Juniper MX series switch with ISE in the coming week.

The required NAD profile has been imported in ISE and I also have the sample config that is provided for Juniper switches.

I believe that the configuration on Juniper switches is not going to be the same and as easy as on Cisco switches.

I need some pointers and advice as to what I shall be doing right and what shall be avoided.

6 Replies

Nidhi
Cisco Employee

Hi Dinesh, 

 

I just googled and came across this link - https://www.juniper.net/documentation/en_US/junos/topics/example/802-1x-pnac-ex-series-connecting-server-configuring.html 

This can be a good starting point.

 

Thanks,

Nidhi

Thanks for the document.

There is one more thing though, as we have a redirect ACL and posture ACL configured on Cisco Switches.

Is there something similar that needs to be followed on Juniper switches?

From what I have heard, the concept of ACLs is pretty much different when it comes to Juniper switches...

I am just wondering whether there is any ISE and Juniper switch integration-specific document that could be used as a reference for this deployment?

 

Hi,

Have you been able to manage the ACL and redirect ACL on Juniper? Just wondering, as I am not seeing much documentation about it.

We are working on configuring the ACL and there is some progress that we have made. As it turns out, the configuration of ACLs on Juniper is way different from what we do on a Cisco switch.

So currently we are in trial and error mode till we figure out the correct syntax and configuration for it.

I believe they do not support these advanced features that Cisco switches support. Here is a similar question which contains a statement from Juniper (I think) where they have some questions about what they need in order to support these features.

 

https://community.cisco.com/t5/identity-services-engine-ise/juniper-web-redirection/td-p/3602636 

 

The Juniper support forum is the best place to ask this question, as they would have to let us know what they expect from the server in order to support these features. ISE simply sends the required attributes that the switches need to redirect/control traffic.

 

Yes, that would be the right place to check. The profile that I had imported in ISE states that there is no URL redirection supported:

Juniper - posture redirect.JPG

Again, using an auth VLAN here is not feasible, considering the number of sites that they have with Juniper switches.

What I am thinking of is using a calling home list for all the endpoints that are there for these specific sites, thus eliminating the need for a redirection.

But then I am still looking for a solution to configure Guest redirection on the wired network.

Any ideas how this could be accomplished using this current Juniper profile?