Example: Specifying RADIUS Server Connections on a Security Device

 

This example shows how to specify a RADIUS server for 802.1X authentication to provide network edge security.

Note

From Junos OS Release 15.1X49-D40 to Junos OS Release 15.1X49-D75 and Junos OS Release 17.3R1, specifying a RADIUS server for 802.1X authentication is not supported.

Note

Starting in Junos OS 15.1X49-D80, 802.1X port-based authentication is supported on SRX300, SRX320, SRX340, SRX345, SRX550M, and SRX1500 devices.

Requirements

Before you begin, verify that the interfaces used are in switch mode. See Example: Configuring Switching Modes on Security Devices.

  • To use 802.1X or MAC RADIUS authentication, you must specify the connections on the SRX Series device for each RADIUS server to which you will connect.

Overview

In this example, you set the RADIUS server IP address to 10.204.96.165 and the secret password to abc. The secret password on the device must match the secret password on the server. You can set the number of retries after which the port is placed into a wait state to 5.

Then you create a profile called profile1 and set the authentication order to radius. You can specify one or more RADIUS servers to be associated with profile1. Finally, you define profile1 as the authentication profile for the 802.1X or MAC RADIUS authenticator.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To specify a RADIUS server for 802.1X authentication:

  1. Configure access.
    Note

    For 802.1X authentication, the RADIUS server must be configured at the access hierarchy level.

  2. Define the IP address and the secret password for the RADIUS server.
  3. Set the number of retries after which the port is placed into a wait state to 5.
  4. Create the profile.
  5. Configure the authentication order.
  6. Specify one or more RADIUS servers to be associated with profile1.
  7. Define the authentication profile.
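
The seven steps above, written out as set commands entered from the [edit] hierarchy level. This is an added example, not the command listing from the original page. The address, secret, retry count, and profile name are the values given in the Overview. Mapping the retry count to the retry statement under radius-server is an assumption.

```junos
# Added example; the # lines are annotations for the reader.
# Steps 1-2: define the RADIUS server at the access hierarchy level.
# "abc" is this example's secret; it must match the secret on the server.
set access radius-server 10.204.96.165 secret "abc"

# Step 3: number of retries (assumed to be the retry statement).
set access radius-server 10.204.96.165 retry 5

# Steps 4-5: create profile1 and set its authentication order to radius.
set access profile profile1 authentication-order radius

# Step 6: associate the RADIUS server with profile1.
set access profile profile1 radius authentication-server 10.204.96.165

# Step 7: define profile1 as the authentication profile for the
# 802.1X authenticator.
set protocols dot1x authenticator authentication-profile-name profile1
```

After entering the statements, show access and show protocols dot1x should list the server, the profile, and the authenticator's profile name before you commit.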

Results

From configuration mode, confirm your configuration by entering the show access and show protocols dot1x commands. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

If you are done configuring the device, enter commit from configuration mode.

Verification

Verifying a RADIUS Server

Purpose

Verify that the RADIUS server is configured properly.

Action

From configuration mode, enter the show access and show protocols dot1x commands.

Release History Table
Release
Description
Starting in Junos OS 15.1X49-D80, 802.1X port-based authentication is supported on SRX300, SRX320, SRX340, SRX345, SRX550M, and SRX1500 devices.
From Junos OS Release 15.1X49-D40 to Junos OS Release 15.1X49-D75 and Junos OS Release 17.3R1, specifying a RADIUS server for 802.1X authentication is not supported.