Both the extended DHCP local server and the extended DHCP relay agent support the use of external AAA authentication services, such as RADIUS, to authenticate DHCP clients. When the extended DHCP local server or relay agent receives a discover PDU from a client, the extended DHCP application contacts the AAA server to authenticate the DHCP client. The extended DHCP application can obtain client addresses and DHCP configuration options from the external AAA authentication server.
The external authentication feature also supports AAA directed logout. If the external AAA service supports a user logout directive, the extended DHCP relay agent honors the logout and treats it as if it were requested by a CLI management command. All client state information and allocated resources are deleted at logout. The extended DHCP relay agent supports directed logout using the list of configured authentication servers you specify with the authentication statement at the [edit access profile profile-name] hierarchy level.
You can configure either global authentication support or group-specific support.
You must configure the username-include statement to enable authentication. The password statement is optional, and configuring it without the username-include statement does not cause DHCP to use authentication.
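The following audit script is an added example, not part of the JUNOS documentation. It scans `show configuration | display set` output for DHCP authentication scopes (global or group) that set a password but no username-include, which the paragraph above says leaves authentication off. Assumptions: the `forwarding-options dhcp-relay` and `system services dhcp-local-server` hierarchy paths, the constructed sample lines, and treating each scope on its own without modeling inheritance from the global level.

```python
import re

# Assumed input format (not from the page): `show configuration | display set`
# lines, with DHCP configured under `forwarding-options dhcp-relay` or
# `system services dhcp-local-server`, optionally inside a logical system or
# routing instance, and optionally inside a named group.
SCOPE = re.compile(
    r"^set (?P<ctx>(?:(?:logical-systems|routing-instances) \S+ )*)"
    r"(?P<app>forwarding-options dhcp-relay|system services dhcp-local-server)"
    r"(?: group (?P<group>\S+))? authentication "
    r"(?P<stmt>password|username-include)\b"
)

def audit_dhcp_auth(set_lines):
    """Return sorted (context, application, scope) tuples where an
    authentication stanza has a password but no username-include."""
    seen = {}
    for line in set_lines:
        m = SCOPE.match(line.strip())
        if not m:
            continue
        key = (m["ctx"].strip() or "main",
               m["app"].split()[-1],
               m["group"] or "global")
        seen.setdefault(key, set()).add(m["stmt"])
    # Only password/username-include lines are recorded, so a scope without
    # username-include is a password-only scope: authentication is not in use.
    return sorted(k for k, stmts in seen.items() if "username-include" not in stmts)

# Constructed sample configuration; every value here is illustrative.
SAMPLE = """\
set forwarding-options dhcp-relay authentication password EXAMPLE-ONLY
set forwarding-options dhcp-relay authentication username-include mac-address
set forwarding-options dhcp-relay group wholesale authentication password EXAMPLE-ONLY
set system services dhcp-local-server group lab authentication username-include user-prefix lab
set routing-instances RI1 forwarding-options dhcp-relay authentication password EXAMPLE-ONLY
""".splitlines()

if __name__ == "__main__":
    for ctx, app, scope in audit_dhcp_auth(SAMPLE):
        print(f"{ctx}: {app} ({scope}) has password but no username-include")
```

A scope with username-include and no password is not flagged, because the password statement is not required.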
See “Using External AAA Authentication Services” in the JUNOS System Basics Configuration Guide for details about configuring external AAA authentication support for the DHCP relay agent.