[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

Example: Configuring RADIUS-Based Subscriber Authentication and Accounting

This section shows an example RADIUS-based authentication and accounting configuration.

[edit access]
radius-server {
192.168.1.250 {
port 1812;
accounting-port 1813;
retry 3;
secret &tIUEI*7688+;
source-address 192.168.1.100;
timeout 45;
}
192.168.1.251 {
port 1812;
accounting-port 1813;
retry 3;
secret $Dyu*UY(877-;
source-address 192.168.1.100;
timeout 30;
}
192.168.1.252 {
port 1812;
secret $Dyu*UY(877-;
}
}
profile isp-bos-metro-fiber-basic {
authentication {
order radius none;
}
accounting {
order radius;
accounting-stop-on-access-deny;
accounting-stop-on-failure;
immediate-update;
statistics time;
update-interval 12;
}
radius {
authentication-server 192.168.1.251 192.168.1.252;
accounting-server 192.168.1.250 192.168.1.251;
options {
accounting-session-id-format decimal;
nas-identifier 56;
override-nas-information;
}
attributes {
ignore {
framed-ip-netmask;
}
exclude {
accounting-delay-time [accounting-start accounting-stop];
accounting-session-id [access-request accounting-on accounting-off
accounting-start accounting-stop];
dhcp-gi-address [access-request accounting-start accounting-stop];
dhcp-mac-address [access-request accounting-start accounting-stop];
nas-identifier [access-request accounting-start accounting-stop];
nas-port [accounting-start accounting-stop];
nas-port-id [accounting-start accounting-stop];
nas-port-type [access-request accounting-start accounting-stop];
}
}
}
}
[edit logical-systems isp-bos-metro-12 routing-instances isp-cmbrg-12-32]
interfaces {
lo0 {
unit 0 {
family inet {
address 192.168.1.100/24;
}
}
}
ge-0/0/0 {
vlan-tagging;
unit 0 {
vlan-id 200;
family inet {
unnumbered-address lo0.0;
}
}
}
}
[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

[an error occurred while processing this directive]