Rate and give feedback:  Feedback Received. Thank You!

Rate and give feedback: 

X

This document helped resolve my issue

Yes No

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:  

E-mail: 

Enter a valid Email ID

Need product assistance? Contact Juniper Support

Submit

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply.

English  

English

Configuring RADIUS Server Options for Subscriber Access

You can specify options that the router or switch uses when communicating with RADIUS authentication and accounting servers for subscriber access.

1. Specify that you want to configure RADIUS.
   [edit access profile isp-bos-metro-fiber-basic]user@host# edit radius
2. Specify that you want to configure RADIUS options.
   [edit access profile isp-bos-metro-fiber-basic radius]user@host# edit options
3. (Optional) Configure the method the router or switch uses to access RADIUS accounting servers.
   [edit access profile isp-bos-metro-fiber-basic radius options]user@host# set client-accounting-algorithm round-robin
4. (Optional) Configure the method the router or switch uses to access RADIUS authentication servers.
   [edit access profile isp-bos-metro-fiber-basic radius options]user@host# set client-authentication-algorithm round-robin
5. (Optional) Configure the format the router or switch uses to identify the accounting session.
   [edit access profile isp-bos-metro-fiber-basic radius options]user@host# set accounting-session-id-format decimal
6. (Optional) Specify that the Agent-Remote-Id and Agent-Circuit-Id are generated locally when these values are not present in the client database.
   [edit access profile isp-bos-metro-fiber-basic radius options]user@host# set access-loop-id-local
7. (Optional) Specify the information that is excluded from the interface description that the router or switch passes to RADIUS for inclusion in RADIUS attribute 87 (NAS-Port-Id).
   [edit access profile isp-bos-metro-fiber-basic radius options]user@host# set interface-description-format exclude-adapter
8. (Optional) Configure the value for the client RADIUS attribute 32 (NAS-Identifier), which is used for authentication and accounting requests.
   [edit access profile isp-bos-metro-fiber-basic radius options]user@host# set nas-identifier 56
9. (Optional) Configure the RADIUS client to use the extended format for RADIUS attribute 5 (NAS-Port) and specify the width of the fields in the NAS-Port attribute. The total of the widths must not exceed 32 bits, or the configuration fails.
   • For Ethernet subscribers:
     [edit access profile isp-bos-metro-fiber-basic radius options]user@host# set nas-port-extended-format ae-width 10 slot-width 4 adapter-width 2 port-width 4 stacked-vlan-width 10 vlan-width 2
   • For ATM subscribers:
     [edit access profile retailer01 radius options]user@host# set nas-port-extended-format atm slot-width 3 adapter-width 2 port-width 3 vpi-width 8 vci-width 16
10. (Optional) Configure the delimiter character that the router inserts between values in RADIUS attribute 87 (NAS-Port-ID).
    [edit access profile isp-bos-metro-fiber-basic radius options]user@host# set nas-port-id-delimiter %
11. (Optional) Configure the information that the router includes in RADIUS attribute 87 (NAS-Port-ID).
    [edit access profile isp-bos-metro-fiber-basic radius options]user@host# set nas-port-id-format agent-circuit-id agent-remote-id
12. (Optional) Configure the delimiter character that the router inserts between values in RADIUS attribute 31 (Calling-Station-ID).
    [edit access profile isp-bos-metro-fiber-basic radius options]user@host# set calling-station-id-delimiter “%”
13. (Optional) Configure the information that the router includes in RADIUS attribute 31 (Calling-Station-ID).
    [edit access profile isp-bos-metro-fiber-basic radius options]user@host# set calling-station-id-format agent-circuit-id agent-remote-id
14. (Optional) Configure the port type that is included in RADIUS attribute 61 (NAS-Port-Type). This specifies the port type the router uses to authenticate subscribers.
    [edit access profile isp-bos-metro-fiber-basic radius options]user@host# set nas-port-type ethernet wireless-ieee80211

    Note: This statement is ignored if you configure the ethernet-port-type-virtual in the same access profile.

15. (Optional) Configure the router or switch to use a port type of virtual to authenticate clients.
    [edit access profile isp-bos-metro-fiber-basic radius options]user@host# set ethernet-port-type-virtual

    Note: This statement takes precedence over the nas-port-type statement if you include both in the same access profile.

16. (Optional) Configure the number of seconds that the router or switch waits after a server has become unreachable.
    [edit access profile isp-bos-metro-fiber-basic radius options]user@host# set revert-interval 259200
17. (Optional) Specify that RADIUS attribute 5 (NAS-Port) includes the S-VLAN ID, in addition to the VLAN ID, for subscribers on Ethernet interfaces.
    [edit access profile isp-bos-metro-fiber-basic radius options]user@host# set vlan-nas-port-stacked-format
18. (Optional) Configure the router to use the optional behavior when processing CoA requests that include changes to client profile dynamic variables.
    [edit access profile isp-bos-metro-fiber-basic radius options]user@host# set coa-dynamic-variable-validation