Specifying RADIUS Server Connections on an SRX Series or J Series Device (CLI)
To use 802.1X or MAC RADIUS authentication, you must specify the connections on the SRX Series or J Series device for each RADIUS server to which you will connect.
To configure a RADIUS server:
- Navigate to the access hierarchy and define the
RADIUS server by its IP address and secret password. The secret password
on the SRX Series or J Series device must match the secret password
on the server.
Note: For 802.1X authentication, the RADIUS server must be configured at the access hierarchy level.
[edit]user@host# edit access[edit access]user@host# set radius-server 10.0.0.100 port 1812 secret abcTo define more than one RADIUS server, you need to enter separate radius-server commands.
- (Optional) Specify the IP address that the RADIUS
server uses to identify the SRX Series or J Series device.
By default, the RADIUS server uses the address of the interface sending the RADIUS request to determine the source of a request. If the request has been diverted on an alternate route to the RADIUS server, however, the interface relaying the request might not be an interface on the SRX Series or J Series device. To ensure that the source is identified correctly, specify its IP address explicitly.
[edit access]user@host# set radius-server 10.0.0.100 source-address 10.93.14.100 - Create a profile and configure the authentication
order, making radius the first method of authentication.
[edit access]user@host# set profile profile1 authentication-order radius - Specify one or more RADIUS servers to be associated
with profile1.
[edit access]user@host# set profile profile1 radius authentication-server 10.0.0.100 - Navigate to the top of the hierarchy and define
profile1 as the authentication profile for 802.1X or MAC RADIUS authenticator.
[edit access]user@host# top [edit]user@host# set protocols dot1x authenticator authentication-profile-name profile1 - Configure the IP address of the SRX Series or J Series device in the list of clients on the RADIUS server. For specifics on configuring the RADIUS server, consult the documentation for your server.