Rate and give feedback:  Feedback Received. Thank You!

Rate and give feedback: 

X

This document helped resolve my issue

Yes No

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:  

E-mail: 

Enter a valid Email ID

Need product assistance? Contact Juniper Support

Submit

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply.

Example: Configuring a RADIUS Server for System Authentication

Requirements

• Perform the initial device configuration. See the Getting Started Guide for your device.
• Configure at least one RADIUS server. For more details, see RADIUS Authentication and Accounting Servers Configuration Overview.

Overview

In this example, you add a new RADIUS server with an IP address of 172.16.98.1 and specify the shared secret password of the RADIUS server as Radiussecret1. The secret is stored as an encrypted value in the configuration database. Finally, you specify the source address to be included in the RADIUS server requests by the device. In most cases you can use the loopback address of the device, which in this example is 10.0.0.1.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

GUI Step-by-Step Procedure

1. In the J-Web user interface, select Configure>System Properties>User Management.
2. Click Edit. The Edit User Management dialog box appears.
3. Select the Authentication Method and Order tab.
4. In the RADIUS section, click Add. The Add Radius Server dialog box appears.
5. In the IP Address box, type the server’s 32–bit IP address.
6. In the Password and Confirm Password boxes, type the secret password for the server and verify your entry.
7. In the Server Port box, type the appropriate port.
8. In the Source Address box, type the source IP address of the server.
9. In the Retry Attempts box, specify the number of times that the server should try to verify the user’s credentials.
10. In the Time Out box, specify the amount of time (in seconds) the device should wait for a response from the server.
11. Click OK to check your configuration and save it as a candidate configuration.
12. If you are done configuring the device, click Commit Options>Commit.

Step-by-Step Procedure

1. Add a new RADIUS server and set its IP address.
   [edit system]user@host# set radius-server address 172.16.98.1
2. Specify the shared secret (password) of the RADIUS server.
   [edit system]user@host# set radius-server 172.16.98.1 secret Radiussecret1
3. Specify the device’s loopback address source address.
   [edit system]user@host# set radius-server 172.16.98.1 source-address 10.0.0.1

Results

From configuration mode, confirm your configuration by entering the show system radius-server command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

If you are done configuring the device, enter commit from configuration mode.

Note: To completely set up RADIUS authentication, you must create user template accounts and specify a system authentication order. Do one of the following tasks: Configure a system authentication order. See Example: Configuring Authentication Order. Configure a user. See Example: Configuring New Users. Configure local user template accounts. See Example: Creating Template Accounts.

Verification

Confirm that the configuration is working properly.

Verifying the RADIUS Server System Authentication Configuration

Purpose

Verify that the RADIUS server has been configured for system authentication.

Action

From operational mode, enter the show system radius-server command.