Configuring RADIUS Authentication and Accounting Servers
The number of RADIUS servers you can configure depends on available memory.
The order in which you configure servers determines the order in which the router
contacts those servers on behalf of clients.
Initially, a RADIUS client sends a request to a RADIUS authentication or accounting
server. The RADIUS server uses the configured IP address, the UDP port number,
and the secret key to make the connection. The RADIUS client waits for a response
for a configurable timeout period and then retransmits the request. The RADIUS
client retransmits the request for a user-configurable retry limit.
■
If there is no response from the primary RADIUS server, the RADIUS client
submits the request to the secondary RADIUS server using the timeout period
and retry limit configured for the secondary RADIUS server.
■
If the connection attempt fails for the secondary RADIUS server, the router
submits the request to the tertiary server and so on until it either is granted
access on behalf of the client or there are no more configured servers.
■
If another authentication server is not configured, the router attempts the next
method in the method list; for accounting server requests, the information is
dropped.
For example, suppose that you have configured the following authentication servers:
Auth1, Auth2, Auth3, Auth4, and Auth5. Your router attempts to send an
authentication request to Auth1. If Auth1 is unavailable, the router submits the request
to Auth2, then Auth3, and so on until an available server is found. If Auth5, the last
configured authentication server, is not available, the router attempts the next method
in the methods list. If the only method configured is RADIUS, then the router notifies
the client that the request has been denied.
Server Access
The router offers two options by which servers are accessed:
■
Direct—The first authentication or accounting server that you configure is treated
as the primary authentication or accounting server, the next server configured
is the secondary, and so on.
■
Round-robin—The first configured server is treated as a primary for the first
request, the second server configured as primary for the second request, and so
on. When the router reaches the end of the list of servers, it starts again at the
top of the list until it comes full cycle through the list.
Use the
radius algorithm
command to specify the server access method.
When you configure the first RADIUS accounting server, a RADIUS Acct-On message
is sent. When you delete the last accounting server, a RADIUS Acct-Off message is
sent.
18
■
Configuring RADIUS Authentication and Accounting Servers
JUNOSe 11.0.x Broadband Access Configuration Guide
Summary of Contents for JUNOSE 11.0.X MULTICAST ROUTING
Page 6: ...vi...
Page 28: ...xxviii Table of Contents JUNOSe 11 0 x Broadband Access Configuration Guide...
Page 36: ...xxxvi List of Tables JUNOSe 11 0 x Broadband Access Configuration Guide...
Page 42: ...2 Managing Remote Access JUNOSe 11 0 x Broadband Access Configuration Guide...
Page 204: ...164 Managing RADIUS and TACACS JUNOSe 11 0 x Broadband Access Configuration Guide...
Page 292: ...252 Monitoring RADIUS Relay Server JUNOSe 11 0 x Broadband Access Configuration Guide...
Page 336: ...296 RADIUS Client Terminate Reasons JUNOSe 11 0 x Broadband Access Configuration Guide...
Page 368: ...328 Managing L2TP JUNOSe 11 0 x Broadband Access Configuration Guide...
Page 444: ...404 PPP Accounting Statistics JUNOSe 11 0 x Broadband Access Configuration Guide...
Page 494: ...454 Managing DHCP JUNOSe 11 0 x Broadband Access Configuration Guide...
Page 510: ...470 DHCP Local Server Configuration Tasks JUNOSe 11 0 x Broadband Access Configuration Guide...
Page 556: ...516 Configuring DHCP Relay Proxy JUNOSe 11 0 x Broadband Access Configuration Guide...
Page 616: ...576 Managing the Subscriber Environment JUNOSe 11 0 x Broadband Access Configuration Guide...
Page 674: ...634 Managing Subscriber Services JUNOSe 11 0 x Broadband Access Configuration Guide...
Page 767: ...Part 7 Index Index on page 729 Index 727...
Page 768: ...728 Index JUNOSe 11 0 x Broadband Access Configuration Guide...