Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    RADIUS Dynamic-Request Server Overview

    The E Series router’s RADIUS dynamic-request server feature provides an efficient way for you to use RADIUS servers to centrally manage user sessions. The RADIUS dynamic-request server enables the router to receive the following types of messages from RADIUS servers:

    • Disconnect messages—Immediately terminate specific user sessions.
    • Change-of-Authorization (COA) messages—Dynamically modify session authorization attributes, such as data filters.

      Note: The RADIUS dynamic-request server’s support for COA messages is used by the Service Manager and by the E Series router’s packet mirroring feature. For information about using the Service Manager, see the Configuring Service Manager chapter in this guide. For specific information about using the dynamic-request server with packet mirroring, see the Configuring RADIUS-Based Packet Mirroring chapter in the JunosE Policy Management Configuration Guide.

    For example, you might use the RADIUS dynamic-request server to terminate specific user sessions. Without the RADIUS dynamic-request server, the only way to disconnect a RADIUS user is from the E Series router. This disconnect method is cumbersome when a network has many systems. The RADIUS dynamic-request server allows RADIUS servers to initiate user-related operations, such as a termination operation, by sending unsolicited request messages to an E Series router.

    Figure 1 shows a network that would benefit from the RADIUS dynamic-request server functionality. In Figure 1, instead of disconnecting users on each E Series router, the RADIUS servers can initiate the disconnection. Although the network has multiple RADIUS servers, the servers share a common database that contains authorization and accounting information. Having a common database allows any server to view who is currently valid and connected, and allows service providers to manage the disconnection of users.

    Figure 1: Sample Remote Access Network Using RADIUS

    Sample Remote Access Network Using RADIUS

    Published: 2014-08-20