802.1x on the Wire with Juniper RRS feed

  • Question

  • We currently have a 802.1x wireless solution that has been working great using NPS with tunnel-id's to assist with placing specific AD groups into their respective VLANs.  I'm not necessarily looking to be as granular on the wire, but would like to only activate switch ports on a specific VLAN called 'Data' for users that are part of the 'Staff' group.

    From what I've researched, I have the proper configuration on our Juniper EX4200 switch chassis', but I'm not successful with communicating to NPS.  I'm also not getting a definite answer from Juniper if I need a Vendor Specific code or not, but I believe its only required if I wanted to dynamically place users into different VLANs.

    As far as the client side configuration we have an internal CA with our own certificate that is pushed to all devices, however I need to configure "wired zero config" and have not looked into that yet.  Sounds like wired zero config is similar to the GPO I configured for setting up the wireless profile for our AD devices.

    So in short: Juniper config looks good, but is not talking to NPS and client device configuration requirements are unknown.

    Does anyone have experience with Juniper EX4200 802.1x on the wire?

    Wednesday, November 5, 2014 3:39 PM


  • Hi,

    Based on your description, the question is that the Juniper EX4200 switch can’t communicate to NPS server and how to configure the wired client.

    About the Juniper switch can’t communicate to NPS, are there any event logs in the NPS server? As we know, the packets between the switch and the NPS are RADIUS Access-Request, RADIUS Access-Challenge, RADIUS Access-Accept and RADIUS Access-Reject packet. Did the NPS receive any RADIUS Access-Request packet from the switch? Maybe you can try to use Network Monitor to capture packets on the NPS server, to see if the NPS received the RADIUS packet. If the NPS server received the RADIUS packet but the authentication failed, there are some event logs in the NPS server.

    About the client configuration, maybe you can try to use the method below,

    Configure 802.1X Wired Access Clients by using Group Policy Management


    Best Regards,


    • Marked as answer by Tina_Tan Tuesday, November 18, 2014 1:49 AM
    Friday, November 7, 2014 6:13 AM