Hi,
I've got the following problem:
I set up 802.1X on my EX2200 and it seems to work fine, but if someone fails the first policy on my RADIUS, I want to trigger a port filter on the interface the person is connected to (only DHCP allowed on the interface). The filter works fine, but I can't manage to trigger it using a VSA. I have tried VSA 11 & 48 so far. My RADIUS is a Windows Server 2012 R2; my dot1x config looks like this:
dot1x {
    authenticator {
        authentication-profile-name 8021X-Profile;
        static {
            ---:--:--:--:--:--/48 {
                vlan-assignment test;
                interface ge-0/0/0.0;
            }
            ---:---:---:--:--:--/48 {
                vlan-assignment test;
                interface ge-0/0/0.0;
            }
        }
        interface {
            ge-0/0/0.0 {
                supplicant multiple;
                reauthentication 3600;
            }
            ge-0/0/1.0 {
                supplicant multiple;
                reauthentication 3600;
            }
            ge-0/0/2.0 {
                supplicant multiple;
                reauthentication 3600;
            }
            ge-0/0/3.0 {
                supplicant multiple;
                reauthentication 3600;
            }
            ge-0/0/4.0 {
                supplicant multiple;
                reauthentication 3600;
            }
            ge-0/0/5.0 {
                supplicant multiple;
                reauthentication 3600;
            }
            ge-0/0/6.0 {
                supplicant multiple;
                reauthentication 3600;
            }
            ge-0/0/7.0 {
                supplicant multiple;
                reauthentication 3600;
            }
            ge-0/0/8.0 {
                supplicant multiple;
                reauthentication 3600;
            }
            ge-0/0/9.0 {
                supplicant multiple;
                reauthentication 3600;
            }
            ge-0/0/10.0 {
                supplicant multiple;
                reauthentication 3600;
            }
            ge-0/0/11.0 {
                supplicant multiple;
                reauthentication 3600;
            }
        }
    }
}
And that's my filter:
filter filter1 {
    term term1 {
        from {
            source-address {
                0.0.0.0/32;
            }
            destination-address {
                255.255.255.255/32;
            }
            protocol udp;
            source-port 68;
            destination-port 67;
        }
        then accept;
    }
    term term2 {
        from {
            protocol udp;
            source-port [ 67 68 ];
            destination-port [ 67 68 ];
        }
        then accept;
    }
}
Has anybody tried something similar and could help me out? I would be very grateful. I spent hours searching the examples and wiki sites, but I can't manage to find the solution.