User guide

Odyssey Access Client User Guide

4  OAC in an Enhanced Security Network with Unified Access Control

In a UAC network, OAC communicates with the Infranet Controller to authenticate

and establish security compliance. The Infranet Controller authenticates you as a

user and determines which protected resources you can access based on your user

name and the realm and role to which you belong. (See “Specifying a Preferred

Realm and Role” on page 74.) The Infranet Controller then informs another

appliance on the network, called the Infranet Enforcer, about the resources that you

are allowed to access. The Infranet Enforcer is a firewall that enables or denies you

access to the resources.

For a broader discussion of UAC components and concepts, refer to the Juniper

Networks Unified Access Control Administration Guide.

OAC Authentication in a UAC Network

In a UAC network, OAC users can authenticate to the network in the following ways:

 A wired (Layer 2) connection through an 802.1X switch.

 A wireless (Layer 2) connection through an 802.1X wireless access point.

 A direct (Layer 3) connection to an Infranet Controller. In this case, OAC

connects to the Infranet Controller and authentication occurs using an

EAP-over-HTTP.

The Infranet Controller performs the authentication for each of these connection

methods. You can also connect to both a network (wired or wireless) and to an

Infranet Controller. Ask your network administrator for the recommended

connection methods for your network.

Figure 2 and Figure 3 show the difference in network connections for a network

without 802.1X support and a network with 802.1X support.

Figure 2: OAC Authentication in a Network without 802.1X (Layer 3)