To use RADIUS authentication on the router, configure information about one or more RADIUS servers on the network by including one radius-server statement at the [edit system] hierarchy level for each RADIUS server:
    [edit system]
    radius-server server-address {
        accounting-port port-number;
        port port-number;
        retry number;
        secret password;
        source-address source-address;
        timeout seconds;
    }
server-address is the address of the RADIUS server.
You can specify a port on which to contact the RADIUS server. By default, port number 1812 is used (as specified in RFC 2865). You can also specify an accounting port to send accounting packets. The default is 1813 (as specified in RFC 2866).
You must specify a password in the secret password statement. If the password contains spaces, enclose it in quotation marks. The secret used by the local router must match that used by the server.
Optionally, you can specify the amount of time that the local router waits to receive a response from a RADIUS server (in the timeout statement) and the number of times that the router attempts to contact a RADIUS authentication server (in the retry statement). By default, the router waits 3 seconds. You can configure this to be a value in the range from 1 through 90 seconds. By default, the router retries connecting to the server 3 times. You can configure this to be a value in the range from 1 through 10 times.
You can use the source-address statement to specify a logical address for individual or multiple RADIUS servers.
To configure multiple RADIUS servers, include multiple radius-server statements.
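The following Python check is an added example, not part of the original documentation. It parses radius-server stanzas, applies the defaults stated above, and flags a missing secret or retry/timeout values outside the documented ranges. The sample configuration, addresses, secret, and function names are constructed for illustration, and the simplified parser assumes secrets contain no ';' or '}' characters.

```python
import re
import shlex

# Defaults and ranges as stated in the text above.
DEFAULTS = {"port": 1812, "accounting-port": 1813, "retry": 3, "timeout": 3}
RANGES = {"retry": (1, 10), "timeout": (1, 90)}

# Constructed sample configuration; addresses and the secret are placeholders.
SAMPLE = '''
radius-server 192.0.2.10 {
    secret "example shared secret";
    source-address 192.0.2.1;
    timeout 5;
}
radius-server 192.0.2.11 {
    port 1645;
    retry 12;
    timeout 120;
}
'''

def parse_radius_servers(text):
    """Return {server-address: {statement: value}} with defaults applied."""
    servers = {}
    # Simplification (assumption): no ';' or '}' inside a quoted secret.
    for addr, body in re.findall(r"radius-server\s+(\S+)\s*\{([^}]*)\}", text):
        opts = dict(DEFAULTS)
        for stmt in body.split(";"):
            parts = shlex.split(stmt)  # a quoted secret with spaces stays one token
            if len(parts) == 2:
                key, value = parts
                opts[key] = int(value) if key in DEFAULTS else value
        servers[addr] = opts
    return servers

def check_radius_servers(text):
    """Return a list of (server-address, problem) tuples."""
    problems = []
    for addr, opts in parse_radius_servers(text).items():
        if not opts.get("secret"):
            problems.append((addr, "missing required secret statement"))
        for key, (low, high) in RANGES.items():
            if not low <= opts[key] <= high:
                problems.append((addr, f"{key} {opts[key]} outside {low}-{high}"))
    return problems

if __name__ == "__main__":
    for addr, problem in check_radius_servers(SAMPLE):
        print(f"{addr}: {problem}")
```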
To configure a set of users that share a single account for authorization purposes, you create a template user. To do this, include the user statement at the [edit system login] hierarchy level, as described in Configuring Template Accounts for RADIUS and TACACS+ Authentication.
You can also configure RADIUS authentication at the [edit access] and [edit access profile] hierarchy levels. The JUNOS software uses the following search order to determine which set of servers is used for authentication:
- [edit access profile profile-name radius-server server-address]
- [edit access radius-server server-address]
- [edit system radius-server server-address]
For more information, see Configuring Access.