Juniper EX Series – Authenticating Users using Switch Cache

With Juniper switches you can rest assured that even if your RADIUS server fails, your network will still be up. Users can still log in to the network using a phenomenal feature called Switch Cache. If the RADIUS server fails, the switch can use its cache to authenticate the dot1x clients.

use-cache: If the RADIUS servers time out during reauthentication, previously authenticated supplicants are reauthenticated, but LAN access is denied for new supplicants.

Configuration:

set protocols dot1x authenticator authentication-profile-name auth
set protocols dot1x authenticator interface ge-0/0/0.0 supplicant multiple
set protocols dot1x authenticator interface ge-0/0/0.0 retries 4
set protocols dot1x authenticator interface ge-0/0/0.0 reauthentication 30
set protocols dot1x authenticator interface ge-0/0/0.0 server-timeout 20
set protocols dot1x authenticator interface ge-0/0/0.0 server-fail use-cache
set access radius-server 10.130.38.11 secret "x.x.x.x"
set access profile auth auth
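An added example, not part of the original post: a small Python audit that reads set-format dot1x configuration and reports, per interface, what happens to clients while the RADIUS servers are unreachable. The ports ge-0/0/1.0 and ge-0/0/2.0, the sample lines for them and the function names are assumptions made for illustration; deny, permit and vlan-name are the other Junos server-fail actions alongside use-cache.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the configuration in this post; ge-0/0/1.0 and
# ge-0/0/2.0 are hypothetical ports added to show the other outcomes.
SAMPLE = """\
set protocols dot1x authenticator authentication-profile-name auth
set protocols dot1x authenticator interface ge-0/0/0.0 supplicant multiple
set protocols dot1x authenticator interface ge-0/0/0.0 reauthentication 30
set protocols dot1x authenticator interface ge-0/0/0.0 server-timeout 20
set protocols dot1x authenticator interface ge-0/0/0.0 server-fail use-cache
set protocols dot1x authenticator interface ge-0/0/1.0 supplicant single
set protocols dot1x authenticator interface ge-0/0/1.0 server-fail permit
set protocols dot1x authenticator interface ge-0/0/2.0 supplicant multiple
"""

# Matches per-interface authenticator statements: interface, keyword, optional value.
LINE = re.compile(r"^set protocols dot1x authenticator interface (\S+) (\S+)(?: (.+))?$")

# What each server-fail action means for clients while RADIUS is unreachable.
VERDICTS = {
    "deny": "fail-closed: all supplicants denied",
    "use-cache": "cached supplicants only: new supplicants denied",
    "permit": "FAIL-OPEN: any supplicant admitted",
    "vlan-name": "supplicants moved to the named VLAN",
}

def parse(config):
    """Collect the dot1x options configured on each interface."""
    ports = defaultdict(dict)
    for raw in config.splitlines():
        m = LINE.match(raw.strip())
        if m:
            iface, key, value = m.groups()
            ports[iface][key] = value or ""
    return dict(ports)

def audit(config):
    """Map each dot1x interface to its behaviour during a RADIUS outage."""
    report = {}
    for iface, opts in sorted(parse(config).items()):
        action = opts.get("server-fail")
        if action is None:
            report[iface] = "no server-fail action configured"
        else:
            report[iface] = VERDICTS.get(action.split()[0], "unrecognised action: " + action)
    return report

if __name__ == "__main__":
    for iface, verdict in audit(SAMPLE).items():
        print(f"{iface:12} {verdict}")
```

Feed it the output of `show configuration | display set` to see at a glance which access ports would admit unauthenticated clients during an outage and which rely on the cache.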

http://www.ebrahma.com/2013/09/juniper-ex-series-authenticating-users-using-switch-cache/
