Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring RADIUS Servers

 

You must configure RADIUS servers before you can configure a RADIUS network element. A network element is a load-balanced group of RADIUS servers providing policy management for TDF subscribers.

To configure a RADIUS server:

  1. Configure a name for the RADIUS server.
  2. Specify the IP address of the RADIUS server.
  3. Configure an interface and IPv4 address to specify the source for RADIUS requests. The MX Series router sends RADIUS requests to the RADIUS server using this source address.
  4. Configure a shared secret (password) to be used by the MX Series router and the RADIUS server.
  5. Configure the port number to which the RADIUS requests are sent.
  6. Specify the RADIUS server port number to which the MX Series router sends RADIUS accounting-start and accounting-stop requests. RADIUS accounting-start and accounting-stop requests are used when the RADIUS server is not able to initiate a change of authorization (CoA) request without an accounting record.
  7. Configure the secret password to be used when sending accounting-start requests to the RADIUS server if the accounting secret password is different from the authentication secret password. RADIUS accounting-start requests are used when the RADIUS server is not able to initiate a CoA request without an accounting record.
  8. Configure the number of attempts to contact the RADIUS server that the MX Series router is allowed to make when it does not receive a response to its initial request. You can specify from 1 through 10 retries. The default is 3.
  9. Configure the amount of time that the MX Series router waits to receive a response from a RADIUS server before retrying a request. By default, the MX Series router waits 3 seconds. You can configure the timeout to be from 1 through 90 seconds.
  10. Allow dynamic requests from the RADIUS server so that CoA requests can be received.
  11. Configure the secret password to be used for CoA requests from the RADIUS server.
  12. Configure a limit to the number of request retries within a specified time interval that the MX Series router can send to the RADIUS server. If the number of retries reaches this limit, the RADIUS server is marked as dead, and the MX Series router begins to send requests to other RADIUS servers in the network element.
  13. Configure the amount of time that must pass after a RADIUS server is first marked dead until it is marked as alive by the MX Series router. When the MX Series router marks the RADIUS server as alive, it can again send requests to the RADIUS server.