Enforcement using EX Series Ethernet Switches

Overview

You can use the EX Series switch as an Infranet Enforcer with PPS. With this solution, PPS is the policy decision point, while the switch is the policy enforcement point. In prior releases, Layer 3 firewalls were the only option for policy enforcement points. This scenario allows enforcement with 802.1X deployments.

To employ the switch as an Infranet Enforcer, you configure a connection between the EX Series switch and the PPS, establish communication, set up 802.1X, configure PPS parameters for admission to the network, and configure resource access policies.

Upon successful configuration, the following occurs:

The EX Series switch sends a connection request to PPS.

The EX Series switch shares its RADIUS configuration, as defined in the CLI configuration on the switch, with PPS.

PPS creates the RADIUS client for the EX Series switch using the information provided.

When a user successfully authenticates, PPS provides an auth table entry to the connected EX Series switch. The auth table includes the MAC address of the user, the assigned roles and the port index.

PPS must receive the attributes Calling Station ID and Network Access Server (NAS) Port from the switch to successfully make the connection.
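The following is an added example, not part of the original page and not PPS or switch code: it checks a RADIUS Access-Request for the two attributes PPS requires and builds a hypothetical auth table entry from them. It assumes the RFC 2865 attribute types (NAS-Port is 5, Calling-Station-Id is 31), that Calling-Station-Id carries the endpoint MAC address, and that the port index is taken from NAS-Port; the function names, role name and sample packet are constructed for illustration.

```python
import string
import struct

ACCESS_REQUEST = 1        # RADIUS packet code (RFC 2865)
NAS_PORT = 5              # attribute type, 4-byte integer
CALLING_STATION_ID = 31   # attribute type, string
REQUIRED = {CALLING_STATION_ID: "Calling-Station-Id", NAS_PORT: "NAS-Port"}

def parse_attributes(packet: bytes) -> dict:
    """Walk the TLV attributes of an Access-Request; reject malformed input."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Request")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("attribute length out of bounds")
        attrs.setdefault(atype, packet[pos + 2:pos + alen])  # keep first value
        pos += alen
    return attrs

def auth_table_entry(packet: bytes, roles: list) -> dict:
    """Build a hypothetical auth table entry: MAC, roles, port index."""
    attrs = parse_attributes(packet)
    missing = [name for t, name in REQUIRED.items() if t not in attrs]
    if missing:
        raise ValueError("missing required attribute: " + ", ".join(missing))
    digits = [c for c in attrs[CALLING_STATION_ID].decode("ascii")
              if c in string.hexdigits]
    if len(digits) != 12 or len(attrs[NAS_PORT]) != 4:
        raise ValueError("bad Calling-Station-Id or NAS-Port value")
    mac = "".join(digits).lower()
    return {"mac": ":".join(mac[i:i + 2] for i in range(0, 12, 2)),
            "roles": list(roles),
            "port_index": struct.unpack("!I", attrs[NAS_PORT])[0]}

def build_request(attrs: list) -> bytes:
    """Constructed sample input: header, zeroed authenticator, attributes."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", ACCESS_REQUEST, 1, 20 + len(body)) + bytes(16) + body

# Constructed sample: User-Name (type 1), NAS-Port 514, MAC as Calling-Station-Id
SAMPLE = build_request([(1, b"alice"), (NAS_PORT, struct.pack("!I", 514)),
                        (CALLING_STATION_ID, b"00-11-22-AA-BB-CC")])
```

A request that lacks either attribute raises an error naming the missing one, which is the condition to look for when a switch connects but no auth table entry appears.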