RADIUS Server Options for Subscriber Access
You can specify options that the router uses when communicating with RADIUS authentication and accounting servers for subscriber access.
The following list describes the RADIUS options you can configure:
- accounting-session-id-format—The format the router uses to identify the accounting session. The identifier can be in one of the following formats. The router uses decimal format by default.
  - decimal—For example, 435264
  - description—In the format, jnpr interface-specifier:subscriber-session-id. For example, jnpr fastEthernet 3/2.6:1010101010101
- calling-station-id-delimiter—The character that the router uses as the separator between concatenated values in the Calling-Station-ID string (RADIUS attribute 31).
- calling-station-id-format—Optional information that the router includes in the Calling-Station-ID (RADIUS attribute 31).
- client-accounting-algorithm and client-authentication-algorithm—The method the router uses to access RADIUS accounting and RADIUS authentication servers. You can specify the following methods:
  - direct—The default method, in which there is no load balancing. For example, in the direct method, the router always accesses server1 (the primary server) first, and uses server2 and server3 as backup servers.
  - round-robin—The method that provides load balancing by rotating router requests among the list of configured RADIUS servers. For example, if three RADIUS servers are configured to support the router, the router sends the first request to server1, and uses server2 and server3 as backup servers. The router then sends the second request to server2, and uses server3 and server1 as backups.
Note: When a RADIUS server in the round-robin list becomes unreachable, the next reachable server in the round-robin list is used for the current request. That same server is also used for the next request because it is at the top of the list of available servers. As a result, after a server failure, the server that is used takes up the load of two servers.
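The load shift described in the note can be reproduced with a small model of the two access methods. This is an added example, not Juniper code; it assumes the selection rule exactly as worded above (rotate the starting server per request, fall through to the next reachable one) and ignores revert-interval.

```python
from collections import Counter

SERVERS = ["server1", "server2", "server3"]  # names taken from the text above


def pick_server(servers, reachable, method, request_no):
    """Return the server used for one request, or None if none is reachable."""
    # direct: every request starts at the primary server.
    # round-robin: the starting point rotates by one for each request.
    start = 0 if method == "direct" else request_no % len(servers)
    for offset in range(len(servers)):
        candidate = servers[(start + offset) % len(servers)]
        if candidate in reachable:
            return candidate
    return None


def load_share(servers, reachable, method, requests=300):
    """Count how many of `requests` consecutive requests each server receives."""
    used = Counter(pick_server(servers, reachable, method, n) for n in range(requests))
    return {name: used.get(name, 0) for name in servers}


if __name__ == "__main__":
    cases = [("all reachable", set(SERVERS)),
             ("server2 unreachable", {"server1", "server3"})]
    for label, reachable in cases:
        for method in ("direct", "round-robin"):
            print(f"{label:20} {method:12} {load_share(SERVERS, reachable, method)}")
```

With server2 unreachable, round-robin sends server3 twice the traffic of server1, which is the figure to size each RADIUS server against when planning for a single-server outage.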
- coa-dynamic-variable-validation—The optional method that the router uses when processing CoA requests that include changes to a client profile dynamic variable that cannot be applied. The optional configuration specifies that when a CoA operation is unable to apply a requested change to a client profile dynamic variable, subscriber management does not apply any changes to client profile dynamic variables in the CoA request and then responds with a NACK. In the default method, subscriber management does not apply the incorrect update but does apply the other changes to the client profile dynamic variables, and then responds with an ACK message.
- access-loop-id-local—The Agent-Remote-Id and Agent-Circuit-Id are generated locally when these values are not present in the client database. The interface description of the logical interface is used as the Agent-Remote-Id and the interface description portion of the NAS-Port-Id using the format <underlying-interface-name>:<outer-tag>-<inner-tag> is used as the Agent-Circuit-Id.
Note: The NAS-Port-Id format changes (established by [set access profile profile-name radius options interface-description-format]) are applied before generating the Agent-Circuit-Id.
The NAS-Port-Id format (established by [set access profile profile-name radius options interface-description-format]) leverages the locally generated Agent-Remote-Id and Agent-Circuit-Id.
- ethernet-port-type-virtual—The physical port type of virtual that the router uses to authenticate clients. The port type is passed in RADIUS attribute 61 (NAS-Port-Type). By default the router passes a port type of ethernet in RADIUS attribute 61.
- interface-description-format—The information that is excluded from the interface description that the router passes to RADIUS for inclusion in the RADIUS attribute 87 (NAS-Port-Id). By default, the router includes both the subinterface and the adapter in the interface description. You can specify:
  - exclude-adapter—Exclude the adapter.
  - exclude-subinterface—Exclude the subinterface.
- nas-identifier—The value for the client RADIUS attribute 32 (NAS-Identifier), which is used for authentication and accounting requests. You can specify a string in the range 1 through 64 characters.
- nas-port-extended-format—The extended format for RADIUS attribute 5 (NAS-Port) and for the width of the fields in the NAS-Port attribute that the RADIUS client uses. You can specify:
  - adapter-width width—Number of bits in the adapter field.
  - port-width width—Number of bits in the port field.
  - slot-width width—Number of bits in the slot field.
  - stacked-vlan-width width—Number of bits in the SVLAN ID field.
  - vlan-width width—Number of bits in the VLAN ID field.
Note: The total of the widths must not exceed 32 bits, or the configuration will fail.
You can configure an extended format for the NAS-Port attribute for both Ethernet subscribers and ATM subscribers. For ATM subscribers, you can specify:
  - adapter-width—Number of bits in the ATM adapter field, in the range 1 through 32
  - port-width—Number of bits in the ATM port field, in the range 1 through 32
  - slot-width—Number of bits in the ATM slot field, in the range 1 through 32
  - vpi-width—Number of bits in the ATM virtual path identifier (VPI) field, in the range 1 through 32
  - vci-width—Number of bits in the ATM virtual circuit identifier (VCI) field, in the range 1 through 32
Note: For ATM subscribers, the combined total of the widths of all fields must not exceed 32 bits, or the configuration fails. The router may truncate the values of individual fields depending on the bit width you specify.
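The 32-bit limit and the truncation mentioned in the notes matter to anyone who keys accounting or audit records on NAS-Port: a field that is too narrow makes two different subscribers produce the same value. The following added example (not Juniper code) packs and unpacks the Ethernet fields; the field order (slot, adapter, port, stacked-vlan, vlan, most significant first) and truncation to the low-order bits are assumptions, since the text above does not specify either.

```python
# Assumed field order, most significant field first (not stated on this page).
ETHERNET_ORDER = ("slot", "adapter", "port", "stacked-vlan", "vlan")


def check_widths(widths):
    """Enforce the documented limit: the field widths must total at most 32 bits."""
    total = sum(widths.values())
    if total > 32:
        raise ValueError(f"field widths total {total} bits; the limit is 32")
    return total


def pack_nas_port(values, widths, order=ETHERNET_ORDER):
    """Build the NAS-Port integer; each value is truncated to its field width."""
    check_widths(widths)
    packed = 0
    for name in order:
        width = widths.get(name, 0)
        mask = (1 << width) - 1  # assumption: truncation keeps the low-order bits
        packed = (packed << width) | (values.get(name, 0) & mask)
    return packed


def unpack_nas_port(packed, widths, order=ETHERNET_ORDER):
    """Split a NAS-Port integer back into fields, as a RADIUS-side parser would."""
    check_widths(widths)
    fields = {}
    for name in reversed(order):
        width = widths.get(name, 0)
        fields[name] = packed & ((1 << width) - 1)
        packed >>= width
    return fields


if __name__ == "__main__":
    # Constructed sample values, not taken from a real router.
    wide = {"slot": 3, "adapter": 1, "port": 4, "stacked-vlan": 12, "vlan": 12}
    narrow = {"slot": 4, "adapter": 4, "port": 8, "stacked-vlan": 8, "vlan": 8}
    sub_a = {"slot": 3, "adapter": 0, "port": 2, "stacked-vlan": 100, "vlan": 300}
    sub_b = dict(sub_a, vlan=44)  # a different VLAN on the same port
    print(unpack_nas_port(pack_nas_port(sub_a, wide), wide))
    print(pack_nas_port(sub_a, narrow) == pack_nas_port(sub_b, narrow))  # collision
```

With an 8-bit vlan-width, VLAN 300 and VLAN 44 yield the same NAS-Port, so the widths should be chosen to cover the largest value each field can take in the deployment.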
- nas-port-id-delimiter—The character used as the separator between values in the NAS-Port-ID string.
- nas-port-id-format—Optional information included in RADIUS attribute 87 (NAS-Port-ID).
- nas-port-type—The port type used to authenticate subscribers.
- revert-interval—The number of seconds that the router waits after a server has become unreachable. The router rechecks the connection to the server when the revert-interval expires. If the server is then reachable, it is used in accordance with the order of the server list. You can configure from 0 (off) through 604800 seconds. The default is 60 seconds.
- vlan-nas-port-stacked-format—The format that sets RADIUS attribute 5 (NAS-Port) to include the S-VLAN ID, in addition to the VLAN ID, for subscribers on Ethernet interfaces.