Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

authorization-order

Syntax

Hierarchy Level

Description

Set the order in which AAA tries different methods to verify that a client is authorized access to the router or switch. For each login attempt, AAA tries the authorization methods in order, from first to last.

A given subscriber does not undergo both authentication and authorization as separate steps. When both authentication-order and authorization-order are specified, DHCP subscribers honor the configured authorization order, all other subscribers use the configured authentication-order.

Options

authorization-methods

Ordered list of methods to use for authorization attempts. The list includes one or more of the following methods in any combination:

  • jsrc—Use the JSRC application in an SRC environment to request authorization from the SAE when verifying that a subscriber can access the router or switch.

    • When you configure both this option and authentication-order, AAA ignores the authentication order setting for DHCP subscribers. For non-DHCP subscribers, AAA ignores the authorization order and applies only the authentication order.

    • When you configure only this option, AAA applies the authorization order to both DHCP and non-DHCP subscribers.

  • nasreq—Use the NASREQ application to communicate with a NASREQ server for authorization of any subscriber type as an alternative to RADIUS authorization.

  • none—No authorization is performed. Can be used, for example, when the Diameter function Gx-Plus is employed for notification during subscriber provisioning.

Required Privilege Level

admin—To view this statement in the configuration.

admin-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 9.6.

nasreq option added in Junos OS Release 16.1.