Hi, I am currently testing 802.1x authentication. I have done the setup on an EX2300C running Junos 15.1X53-D56. Everything look to work as expected. Our radius server, freeradius, return proper vlan information and then the port is move to the right vlan. However I am having an issues where once the user logged in, if his assigned vlan different than the default assiged one to the PC, the system doesn't renew is IP address. I guess that when vlan change the port should be automatically bounce in order to force client to renew their IP address. Am I doing something wrong ? Here the configuration I use...
lpaulin@wlt4-testing-01# show protocols dot1x
traceoptions {
file dot1x size 10m files 2;
flag vlan;
flag state;
flag normal;
flag general;
flag eapol;
flag dot1x-ipc;
flag dot1x-event;
flag config-internal;
flag task;
flag timer;
flag parse;
}
authenticator {
authentication-profile-name stingray-users;
interface {
ge-0/0/10.0 {
supplicant multiple;
mac-radius {
flap-on-disconnect;
}
reauthentication 60;
guest-vlan 142;
}
}
}
lpaulin@wlt4-testing-01# show access
radius-server {
10.250.a.a {
secret "somethingSecret"; ## SECRET-DATA
source-address 10.250.c.c;
}
10.250.a.b {
secret "somethingSecret"; ## SECRET-DATA
source-address 10.250.c.c;
}
}
profile stingray-users {
authentication-order radius;
radius {
authentication-server [ 10.250.a.a 10.250.a.b ];
}
}
lpaulin@wlt4-testing-01# show interfaces ge-0/0/10
description SpareLaptop;
unit 0 {
family ethernet-switching {
interface-mode access;
storm-control default;
}
}