Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Creating a Remote Authentication Server

    To run Junos Space Network Management Platform remote authentication, you must create one or more remote authentication servers and configure the server settings.

    To create a remote authentication server:

    1. Select Administration > Authentication Servers.

      The Authentication Servers page is displayed.

    2. (Optional) If you want to use one of the remote authentication modes supported by Junos Space Platform, in the Authentication Mode Setting area, perform the following tasks:

      Note: Junos Space Platform allows you to add authentication servers even when you are using local authentication. This enables you to configure the authentication server settings before enabling and specifying a remote authentication mode.

      1. Select the Use Remote Authentication check box.

        The option button to specify the remote authentication mode is enabled.

      2. Specify the remote authentication mode that you want to use. Do one of the following:
        • Select Remote Authentication Only to use the remote authentication mode supported by Junos Space Platform.
        • Select Remote-Local Authentication to use the remote local authentication mode supported by Junos Space Platform.
      3. Click Save to store the remote authentication mode setting you select.
    3. To add a remote authentication server:
      1. Click the + (Add auth server) icon.

        The Create Auth Server dialog box is displayed.

      2. Specify the remote authentication server fields, as explained in Table 1; all the fields are mandatory.

        Table 1: Remote Authentication Server Parameters

        Parameter

        Description

        Server Type

        Specify the type of the authentication server:

        • RADIUS—Authenticate users by using a RADIUS server.
        • TACACS+—Authenticate users by using a TACACS+ server.

        Server Name

        Specify the name of the remote authentication server.

        The remote authentication server name cannot exceed 128 characters and can contain only letters, numbers, hyphens, underscores, or periods.

        Protocol

        Select one of the following authentication protocols supported by the remote server:

        • PAP—Password Authentication Protocol
        • CHAP—Challenge Handshake Authentication Protocol
        • MS-CHAPv2—(RADIUS only) Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2)

        IP Address

        Specify the IP address of the remote authentication server.

        Note:

        • Depending on whether the Junos Space fabric is configured with only IPv4 addresses or both IPv4 and IPv6 addresses, Junos Space Platform allows you to enter an IPv4 address or either an IPv4 or IPv6 address respectively for the remote authentication server.
        • The IPv4 and IPv6 addresses that you use must be valid addresses. Refer to http://www.iana.org/assignments/ipv4-address-space for the list of restricted IPv4 addresses and http://www.iana.org/assignments/ipv6-address-space for the list of restricted IPv6 addresses.

        Port Number

        Specify the UDP port number assigned by the remote authentication server.

        The default port number is 1812 for RADIUS authentication and 49 for TACACS+ authentication.

        Shared Secret

        Specify the password (shared secret) that is used for authentication between the remote authentication server, the proxy authentication server, and Junos Space Platform.

        The shared secret that you specify must match the shared secret configured in the RADIUS or TACACS+ server.

        Confirm Shared Secret

        Reenter the password (shared secret) to confirm.

        Number of Tries

        Specify the number of retries that a Junos Space Platform attempts to contact the remote authentication server.

        After the specified number of tries is exceeded and if you have configured other servers, Junos Space Platform attempts to contact the other authentication servers one by one.

        You can enter a value from 1 through 5; the default is 3 tries.

        Max Retry Timeout MSecs

        Specify the interval (in milliseconds) that the Junos Space Platform waits for a reply from the remote authentication server before it times out.

        The minimum value is 1000 milliseconds and the default is 6000 milliseconds.

      3. Click OK.

        The remote authentication server is created and displayed in the table on the Authentication Servers page.

    4. (Optional) Click Test Connection to verify the connection from Junos Space Platform to the remote authentication server.
      • If the test connection result is a success, the remote authentication server is reachable.
      • If the test connection result is a failure, the remote authentication server is unreachable.
      • If the test connection result displays the message Mismatched shared secret, then the configured shared secret for that server is incorrect. Ensure that you have entered the correct remote authentication server shared secret details.

    Modified: 2017-09-13