[Contents] [Prev] [Next] [Index] [Report an Error]

Example: Configuring RADIUS-Based Subscriber Authentication and Accounting

This section shows a sample RADIUS-based authentication and accounting configuration.



[edit access]
radius-server {


192.168.1.250 {
port 1812;
accounting-port 1813;
retry 3;
secret &tIUEI*7688+;
source-address 192.168.1.100;
timeout 45;
}




192.168.1.251 {
port 1812;
accounting-port 1813;
retry 3;
secret $Dyu*UY(877-;
source-address 192.168.1.100;
timeout 30;
}




192.168.1.252 {
port 1812;
secret $Dyu*UY(877-;
}


}
profile isp-bos-metro-fiber-basic {


authentication {
order radius none;
}




accounting {
order radius;
accounting-stop-on-access-deny;
accounting-stop-on-failure;
immediate-update;
statistics time;
update-interval 12;
}




radius {
authentication-server 192.168.1.251 192.168.1.252;
accounting-server 192.168.1.250 192.168.1.251;


options {
accounting-session-id-format decimal;
nas-identifier 56;
override-nas-information;
}




attributes {


ignore {
framed-ip-netmask;
}




exclude {
accounting-delay-time [ accounting-on | accounting-off
];
accounting-session-id [ access-request | accounting-on
| accounting-off
| accounting-start accounting-stop ];
dhcp-gi-address [ access-request | accounting-start | accounting-stop
];
dhcp-mac-address [ access-request | accounting-start |
accounting-stop ];
nas-identifier [ access-request | accounting-start | accounting-stop
];
nas-port [ access-request | accounting-start | accounting-stop
];
nas-port-id [ access-request | accounting-start | accounting-stop
];
nas-port-type [ access-request | accounting-start | accounting-stop
];
}


}


}


}

[edit logical-systems isp-bos-metro-12 routing-instances
isp-cmbrg-12-32]
interfaces {


lo0 {


unit 0 {


family inet {
address 192.168.1.100/24;
}


}


}




ge-0/0/0 {
vlan-tagging;


unit 0 {
vlan-id 200;


family inet {
unnumbered-address lo0.0;
}


}


}


}

[Contents] [Prev] [Next] [Index] [Report an Error]