Juniper-Mist – 802.1X SSID with Jump Cloud

I do not have any RADIUS server in my lab, nor do I currently have any hardware to accomplish this task. I needed a quick, easy-to-deploy, enterprise-level RADIUS server solution that I can utilize to test 802.1X authentication issues with MistAI and Marvis. I decided to look at some cloud-based providers and went with Jump Cloud.

RADIUS Configuration:

This took me about three to five minutes or less to configure. This is a simple PEAP-MSCHAPv2 deployment for testing. As far as I know, Jump Cloud does not support EAP-TLS currently. Note: I will do a quick overview of Jump Cloud instead of going into each and every feature that it offers in this post.

Step 1: Create user groups and assign RADIUS attributes

Jump Cloud
Jump Cloud – User Groups
Jump Cloud – User Group (RADIUS)

Step 2: Create users and assign them to a group.

Jump Cloud – Users
Jump Cloud – Users (User Groups)

Step 3: Define a RADIUS Server and assign groups

Jump Cloud – RADIUS
Jump Cloud – RADIUS (User Groups)

Configuring 802.1X SSID – Mist:

This is a straightforward and simple process, with some mandatory and some optional settings.

  • SSID Name
  • Security Type
  • Define RADIUS Auth/Acct servers
Mist – Configure 802.1X SSID
Mist – Configure 802.1X SSID (RADIUS)

Quickly add some VLANs:

Mist – Configure 802.1X SSID (VLAN)

Save and we are good to go. Let’s try to connect and see what happens. NOTE: This user is assigned to the VLAN30 User Group in Jump Cloud, so my IP should be from the 192.168.30.0/24 network.
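The check described in the note above can be scripted when troubleshooting. The following is an added example, not code from the original post: it parses the attribute section of a RADIUS Access-Accept, extracts the assigned VLAN, and confirms the client address falls in the expected subnet. It assumes the user group carries the standard RFC 3580 tunnel attributes (the post does not list the ones it set) with a numeric VLAN ID; the function names are hypothetical and the sample bytes are constructed.

```python
import ipaddress

# RFC 3580 dynamic-VLAN attributes (assumed; the post does not list the ones it set).
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6

# Constructed sample: attribute section of an Access-Accept assigning VLAN 30.
SAMPLE_ACCEPT = bytes([64, 6, 0, 0, 0, 13, 65, 6, 0, 0, 0, 6, 81, 4]) + b"30"

def parse_attributes(data):
    """Walk the type/length/value list; the length byte covers the 2-byte header."""
    attrs, pos = {}, 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError(f"bad length {alen} for attribute {atype}")
        attrs[atype] = data[pos + 2:pos + alen]  # a repeated type keeps the last value
        pos += alen
    return attrs

def tagged_int(value):
    """RFC 2868 integer attributes: one tag byte followed by a 3-byte value."""
    if len(value) != 4:
        raise ValueError("tunnel integer attribute must be 4 bytes")
    return int.from_bytes(value[1:], "big")

def assigned_vlan(attrs):
    """Return the VLAN ID, or None unless all three tunnel attributes agree."""
    needed = (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID)
    if any(a not in attrs for a in needed):
        return None
    if tagged_int(attrs[TUNNEL_TYPE]) != VLAN:
        return None
    if tagged_int(attrs[TUNNEL_MEDIUM_TYPE]) != IEEE_802:
        return None
    group = attrs[TUNNEL_PRIVATE_GROUP_ID]
    if group and group[0] <= 0x1F:  # optional tag byte precedes the string
        group = group[1:]
    return int(group.decode("ascii"))  # assumes a numeric VLAN ID, not a VLAN name

def client_matches_vlan(attr_bytes, client_ip, vlan_subnets):
    """True when the client's IP sits in the subnet mapped to the assigned VLAN."""
    subnet = vlan_subnets.get(assigned_vlan(parse_attributes(attr_bytes)))
    if subnet is None:
        return False
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(subnet)

if __name__ == "__main__":
    # VLAN-to-subnet mapping taken from the note above; the client IP is constructed.
    print(client_matches_vlan(SAMPLE_ACCEPT, "192.168.30.57", {30: "192.168.30.0/24"}))
```

A `False` result with a valid Access-Accept points at the SSID's VLAN settings or DHCP scope rather than at the RADIUS side.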

iPhone

NOTE: I noticed that the video went blank during screen recording and I had to type my password.

Jump Cloud – Activity Logs:

Jump Cloud offers some excellent user activity logs as compared to Microsoft NPS.

Jump Cloud – User Activity Log

This is a quick snippet of a failure log:

The following picture shows a success log:

Here is a quick look at the connectivity in the Mist Dashboard:

Juniper-Mist – Client Events

I am able to see when the client failed Authorization and even look at the frame captures of the whole process. This gives me an excellent advantage when trying to troubleshoot. I am also able to see the successful Authorization.

A few points I’d like to make at the end:

  • All this can be accomplished not only from the UI but also using the APIs.
  • Juniper-Mist and Jump Cloud both offer APIs for configuration.
  • What is absolutely impressive here is that I can do all this without using any automation in 5 min.
  • Using Python, YAML, CSV files and automation, I am able to configure 100s of users, multiple sites, SSIDs, VLANs, etc. utilizing Juniper-Mist APIs.
  • Juniper-Mist makes ease of deployment a reality.
  • Stay tuned for the next post…
