08-10-2018 12:27 AM
We are going to start integrating the Juniper MX series switch with ISE in coming week.
The require NAD profile has been imported in ISE and I also have the sample config that is provided for Juniper switches.
I belive that the configuration on Juniper switches is not going to as same and easy as Cisco switches.
I need some pointers and advice as off what I shall be doing right and and what shall be avoided.
08-10-2018 12:55 AM
I just googled and came across this link - https://www.juniper.net/documentation/en_US/junos/topics/example/802-1x-pnac-ex-series-connecting-server-configuring.html
This can be a good starting point.
08-13-2018 02:18 AM
Thanks for the document.
There is one more thing though, as we have a redirect ACL and posture ACL configured on Cisco Switches.
Is there something similar that needs to be followed on Juniper switches?
From what I have heard that, there concept of ACL is pretty much different when it comes to Juniper switches...
I am just wondering is there any ISE and Juniper switch integration specific document that could be used as a reference for this deployment?
11-27-2018 05:10 AM
11-28-2018 11:34 PM
We are working on configuring the ACL and there is some progress that we have made. As it turns out that the configuration of ACLs on Juniper is way different than what we do on a Cisco switch.
So currently we are in trial and error mode till we figure out the correct syntax and configuration for it.
11-27-2018 12:13 PM
I believe they do not support these advanced features that Cisco Switches support. Here is a similar question which contains a statement from juniper (I think) where they have some questions about what they need in order to support these features.
Juniper support forum is the best place to ask this question as they would have to let us know what they expect from the server in order to support these features. ISE simply sends the required attributes that the switches need to redirect/control traffic.
11-28-2018 11:52 PM
Yes, that would be right place to check. The profile that I had imported in ISE states that there is no URL redirection supported:
Again, using auth VLAN here is no feasible, considering the number of sites that they have with Juniper switches.
What I am thinking of using calling home list for all the endpoints that are there for these specific sites, thus eliminating the need to a redirection.
But then I am still looking for a solution to configure Guest redirection on wired network?
Any ideas how could this be accomplished using this current Juniper profile?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: