RADIUS Server Options for Subscriber Access
You can specify options that the router uses when communicating with RADIUS authentication and accounting servers for subscriber access.
The following list describes the RADIUS options you can configure:
- client-accounting-algorithm and client-authentication-algorithm—The method the router uses to access RADIUS accounting and
RADIUS authentication servers. You can specify the following methods:
- direct—The default method, in which there is no load balancing. For example, in the direct method, the router always accesses server1 (the primary server) first, and uses server2 and server3 as backup servers.
- round-robin—The round-robin method provides load balancing by rotating router requests among the list of configured RADIUS servers. For example, if three RADIUS servers are configured to support the router, the router sends the first request to server1, and uses server2 and server3 as backup servers. The router then sends the second request to server2, and uses server3 and server1 as backups.
Note: When a RADIUS server in the round-robin list becomes unreachable, the next reachable server in the round-robin list is used for the current request. That same server is also used for the next request since it is at the top of the list of available servers. As a result, after a server failure, the server that is used takes up the load of two servers.
- accounting-session-id-format—The format
the router uses to identify the accounting session. The identifier
can be in one of the following formats. The router uses decimal format by default.
- decimal—For example, 435264
- description—In the format, jnpr interface-specifier:subscriber-session-id. For example, jnpr fastEthernet 3/2.6:1010101010101
- ethernet-port-type-virtual—Specifies that the router uses a physical port type of virtual to authenticate clients. The port type is passed in RADIUS attribute 61 (NAS-Port-Type). By default the router passes a port type of ethernet in RADIUS attribute 61.
- interface-description-format—The information
that is included in or omitted from the interface description that
the router passes to RADIUS for inclusion in the RADIUS attribute
87 (NAS-Port-Id). By default, the router includes both the subinterface and the adapter in the interface description. You can specify:
- adapter—Includes the adapter only.
- subinterface—Includes the subinterface only.
- nas-identifier—The value for the client RADIUS attribute 32 (NAS-Identifier), which is used for authentication and accounting requests. You can specify a string in the range 1 through 64 characters.
- nas-port-extended-format—Configures the
RADIUS client to use the extended format for RADIUS attribute 5 (NAS-Port)
and the width of the fields in the NAS-Port attribute. You can specify:
- adapter-width width—Number of bits in the adapter field.
- port-width width—Number of bits in the port field.
- slot-width width—Number of bits in the slot field.
- stacked-vlan-width width—Number of bits in the SVLAN ID field.
- vlan-width width—Number of bits in the VLAN ID field.
- revert-interval—The number of seconds that the router waits after a server has become unreachable. The router rechecks the connection to the server when the revert-interval expires. If the server is then reachable, it is used in accordance with the order of the server list. You can configure from 0 (off) through 429496729 seconds. The default is 60 seconds.
- vlan-nas-port-stacked-format—Configures RADIUS attribute 5 (NAS-Port) to include the S-VLAN ID, in addition to the VLAN ID, for subscribers on Ethernet interfaces.
