802.1x in Juniper EX series to cisco 9200

Jsapkom · ‎02-28-2024

can anyone help to change the below Juniper 802.1x config to Cisco 9200 config.

set protocols dot1x authenticator authentication-profile-name CLIENT-AUTH
set protocols dot1x authenticator interface OFFICE-LAN supplicant single-secure
set protocols dot1x authenticator interface OFFICE-LAN retries 3
set protocols dot1x authenticator interface OFFICE-LAN transmit-period 20
set protocols dot1x authenticator interface OFFICE-LAN reauthentication 3153600
set protocols dot1x authenticator interface OFFICE-LAN supplicant-timeout 20
set protocols dot1x authenticator interface OFFICE-LAN server-timeout 30
set protocols dot1x authenticator interface OFFICE-LAN server-fail deny

set access radius-server xxx.xxx.xxx.xxx secret "dfgserhdfhhdfhdhdfgdgdfgd"
set access radius-server yyy.yyy.yyy.yyy secret "552525252525fdgssdg34sers"
set access profile CLIENT-AUTH authentication-order radius
set access profile CLIENT-AUTH radius authentication-server xxx.xxx.xxx.xxx
set access profile CLIENT-AUTH radius authentication-server yyy.yyy.yyy.yyy

Thank you

Jsapkom · ‎02-28-2024

The OFFICE-LAN comprises interface range and has been configured with a vlan 100.

Reza Sharifi · ‎02-28-2024

Have a look at this document. It has config examples:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9200/software/release/16-11/configuration_guide/sec/b_1611_sec_9200_cg/configuring_ieee_802_1x_port_based_authentication.html

HTH

Jsapkom · ‎02-28-2024

I have already mapped the configuration according to the document but how do we assign the vlan 100 once authentication is successful.

Reza Sharifi · ‎02-28-2024

should be whatever access vlan the port is assigned to:

https://community.cisco.com/t5/security-blogs/802-1x-switch-configuration-summarized/ba-p/4442000

Jsapkom · ‎02-29-2024

Do we need to make any change on the ISE/ Authentation server or at client end as well when we are replacing the Juniper with Cisco switch

Reza Sharifi · ‎02-29-2024

You should not need to make any changes on the client end, as you are simply replacing one vendor with another one. As for Cisco ISE, I am not familiar with it but if it worked in the past with Juniper switches, it should work fine with Cisco.

HTH

MHM Cisco World · ‎02-29-2024

for the client not need for ISE I think you need to use cisco dictionary instead of Juniper dictionary

MHM