I have an SRX. I want to try its dot1x capabilities.
I also have an MAG-device setup in NAC-mode. I want users to receive a logon prompt on their machines upon plugging in a network cable.
I want the SRX to pass the information (radius request) and the MAG to accept the request (radius accept). Optionally I would like the MAG to return additional attributes such as port VLAN ID.
Can I have the MAG acting as a Radius-server it self? Or would I have to use an external authentication source and proxy through to that? It seems no matter what I do I can't make the MAG listen on port 1822/1823 or 1645/1646. Thus my SRX can't have users authenticated against the MAG.
I have found several docs for configuring this, but they are ambiguous. That is confusing me.
How to proceed?