
Configuring RADIUS Authentication

To use RADIUS authentication on the router, configure information about one or more RADIUS servers on the network by including the radius-server statement at the [edit system] hierarchy level. For example:

[edit system]
radius-server 192.168.43.6 {
    accounting-port 4096;
    port 1812;
    retry 3;
    secret "$9$sdgoHjgYfmmLO9A"; # SECRET-DATA
    timeout 3;
}

You can specify a port number on which to contact the RADIUS server. By default, port number 1812 is used (as specified in RFC 2865).

You must specify a password in the secret statement. Passwords can contain spaces. The secret used by the local router must match that used by the server.

Optionally, use the timeout statement to set how long the local router waits to receive a response from a RADIUS server, and the retry statement to set the number of times that the router attempts to contact a RADIUS authentication server. By default, the router waits 3 seconds; you can configure a value in the range from 1 through 90 seconds. By default, the router retries connecting to the server three times; you can configure a value in the range from 1 through 10 times.

To configure multiple RADIUS servers, include multiple radius-server statements.
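An added example, not part of the JUNOS documentation: a Python check over radius-server stanzas in the [edit system] layout shown above that verifies the required secret and the timeout and retry ranges, and bounds how long a login can stall when no server answers. The second server address, the function names, and the assumption that servers are tried one after another are constructed for illustration.

```python
import re

# Constructed sample input; 192.168.43.7 is a made-up second server.
SAMPLE = '''
radius-server 192.168.43.6 {
    port 1812;
    retry 3;
    secret "$9$sdgoHjgYfmmLO9A"; # SECRET-DATA
    timeout 3;
}
radius-server 192.168.43.7 {
    retry 12;
    timeout 5;
}
'''

DEFAULTS = {"port": 1812, "timeout": 3, "retry": 3}  # defaults stated on this page
RANGES = {"timeout": (1, 90), "retry": (1, 10)}      # ranges stated on this page
STANZA = re.compile(r'radius-server\s+(\S+)\s*\{(.*?)\}', re.S)
STATEMENT = re.compile(r'^\s*([\w-]+)\s+("[^"]*"|\S+?)\s*;', re.M)

def parse(text):
    """Return one dict per radius-server stanza, with defaults filled in."""
    servers = []
    for addr, body in STANZA.findall(text):
        cfg = dict(DEFAULTS, address=addr, secret=None)
        for key, val in STATEMENT.findall(body):
            cfg[key] = int(val) if val.isdigit() else val.strip('"')
        servers.append(cfg)
    return servers

def audit(servers):
    """Flag a missing secret and out-of-range timeout or retry values."""
    findings = []
    for s in servers:
        if not s["secret"]:
            findings.append((s["address"], "no secret configured"))
        for key, (lo, hi) in RANGES.items():
            if not lo <= s[key] <= hi:
                findings.append((s["address"], f"{key} {s[key]} outside {lo}-{hi}"))
    return findings

def worst_case_wait(servers):
    # Assumption: servers are tried in sequence, each `retry` times,
    # waiting `timeout` seconds per attempt.
    return sum(s["timeout"] * s["retry"] for s in servers)

if __name__ == "__main__":
    parsed = parse(SAMPLE)
    print(audit(parsed), worst_case_wait(parsed))
```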

To configure a set of users that share a single account for authorization purposes, create a template user.

You can also configure RADIUS authentication at the [edit access] and [edit access profile] hierarchy levels. The JUNOS software uses the following search order to determine which set of servers is used for authentication:

[edit access profile profile-name radius-server]
[edit access radius-server server-address]
[edit system radius-server]

For more information, see the JUNOS System Basics Configuration Guide or the J-series Services Router Administration Guide.
