Notifying RADIUS of AAA Failure

[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]

JUNOSe 9.1.x Broadband Access Configuration Guide > Configuring Remote Access > Notifying RADIUS of AAA Failure
Notifying RADIUS of AAA Failure

If a user passes RADIUS authentication, but fails AAA authentication, the RADIUS server may still allocate an address for the user from its internal address pool. To indicate to the RADIUS server to free the address, you can set up the router to send an Acct-Stop message if a user fails AAA.

aaa accounting acct-stop on-aaa-failure
Use to cause the router to send an Acct-Stop message if a user fails AAA, but RADIUS grants access.

Example
host1:vr17(config)#aaa accounting acct-stop on-aaa-failure disable
Use the no version to return to the default value, enabled.
aaa accounting acct-stop on-access-deny
Use to cause the router to issue an Acct-Stop message if RADIUS denies access.

Example
host1:vr17(config)#aaa accounting acct-stop on-access-deny enable
Use the no version to return to the default value, disabled.

[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]