— Exhibit —
user@SwitchA> show dot1x interface detail ge-0/0/2.0
ge-0/0/2.0
RolE. Authenticator
Administrative statE. Auto
Supplicant modE. Multiple
Number of retries: 3
Quiet perioD. 60 seconds
Transmit perioD. 30 seconds
Mac Radius: Enabled
Mac Radius Restrict: Enabled
Reauthentication: Enabled
Configured Reauthentication interval: 3600 seconds
Supplicant timeout: 30 seconds
Server timeout: 30 seconds
Maximum EAPOL requests: 2
Guest VLAN member: <not configured>
Number of connected supplicants: 2
user@SwitchA>
— Exhibit —
Click the Exhibit button.
Host 1, Host 2, and Host 3 are connected to Switch A on interface ge-0/0/2. Host 1 and Host 2 do
not support 802.1X. They can authenticate and connect to the Internet. Host 3 was added and it
supports 802.1X; however, it is unable to authenticate.
Referring to the exhibit, how do you allow Host 3 to authenticate to the network but maintain
secure access?
A.
Enable fallback authentication for 802.1X.
B.
Disable MAC RADIUS Restrict option on ge-0/0/2.
C.
Disable MAC RADIUS option on ge-0/0/2.
D.
Enable Administrative mode for 802.1X.
http://www.juniper.net/documentation/en_US/junos12.2/topics/example/authentication-mac-radius-ex-series.html
Additionally, if an interface is only connected to a non-802.1X-enabled host, you can enable MAC RADIUS and not enable 802.1X authentication using the mac-radius restrict option, and thus avoid the delay that occurs while the switch determines that the device is does not respond to EAP messages.