[Prev][Next][Report an Error]

Specifying RADIUS Server Connections on an SRX Series or J Series Device (CLI)

To use 802.1X or MAC RADIUS authentication, you must specify the connections on the SRX Series or J Series device for each RADIUS server to which you will connect.

To configure a RADIUS server:

  1. Navigate to the access hierarchy and define the RADIUS server by its IP address and secret password. The secret password on the SRX Series or J Series device must match the secret password on the server.

    Note: For 802.1X authentication, the RADIUS server must be configured at the access hierarchy level.


    [edit]
    user@host# edit access
    [edit access]
    user@host# set radius-server 10.0.0.100 port 1812 secret abc

    To define more than one RADIUS server, you need to enter separate radius-server commands.

  2. (Optional) Specify the IP address that the RADIUS server uses to identify the SRX Series or J Series device.

    By default, the RADIUS server uses the address of the interface sending the RADIUS request to determine the source of a request. If the request has been diverted on an alternate route to the RADIUS server, however, the interface relaying the request might not be an interface on the SRX Series or J Series device. To ensure that the source is identified correctly, specify its IP address explicitly.


    [edit access]
    user@host# set radius-server 10.0.0.100 source-address 10.93.14.100
  3. Create a profile and configure the authentication order, making radius the first method of authentication.

    [edit access]
    user@host# set profile profile1 authentication-order radius

  4. Specify one or more RADIUS servers to be associated with profile1.

    [edit access]
    user@host# set profile profile1 radius authentication-server 10.0.0.100

  5. Navigate to the top of the hierarchy and define profile1 as the authentication profile for 802.1X or MAC RADIUS authenticator.

    [edit access]
    user@host# top
    [edit]
    user@host# set protocols dot1x authenticator authentication-profile-name profile1

  6. Configure the IP address of the SRX Series or J Series device in the list of clients on the RADIUS server. For specifics on configuring the RADIUS server, consult the documentation for your server.

[Prev][Next][Report an Error]