Example: Configure CHAP Authentication with RADIUS

Configuration

You can send RADIUS messages through a routing instance to customer RADIUS servers in a private network. To configure the routing instance to send packets to a RADIUS server, include the routing-instance statement at the [edit access profile profile-name radius-server] hierarchy level and apply the profile to an interface with the access-profile statement at the [edit interfaces interface-name unit logical-unit-number ppp-options chap] hierarchy level.

In this example, PPP peers of interfaces at-0/0/0.0 and at-0/0/0.1 are authenticated by a RADIUS server reachable via routing instance A. PPP peers of interfaces at-0/0/0.2 and at-0/0/0.3 are authenticated by a RADIUS server reachable via routing instance B.

For more information about RADIUS authentication, see RADIUS Authentication.

CLI Quick Configuration

Users who log in to the router with telnet or SSH connections are authenticated by the RADIUS server 192.0.2.1. The backup RADIUS server for these users is 192.0.2.2.

Each profile may contain one or more backup RADIUS servers. In this example, PPP peers are CHAP authenticated by the RADIUS server 192.0.2.3 (with 192.0.2.4 as the backup server) or RADIUS server 192.0.2.5 (with 192.0.2.6 as the backup server).
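
The scenario above written out as a Junos configuration. This is an added example, not the configuration from the original page. It assumes that routing instances A and B and the PPP encapsulation on the ATM units are already configured, that 192.0.2.3 and 192.0.2.4 sit behind instance A and 192.0.2.5 and 192.0.2.6 behind instance B, and it uses placeholder profile names and shared secrets.

```junos
/* Added example: profile names and all secrets are placeholders */
system {
    authentication-order radius;
    radius-server {
        192.0.2.1 secret "<login-secret>";    # primary for telnet/SSH logins
        192.0.2.2 secret "<login-secret>";    # backup
    }
}
access {
    profile A-PPP-clients {                   # assumed profile name
        authentication-order radius;
        radius-server {
            192.0.2.3 {                       # primary, reached through instance A
                secret "<ppp-secret-A>";
                routing-instance A;
            }
            192.0.2.4 {                       # backup for this profile
                secret "<ppp-secret-A>";
                routing-instance A;
            }
        }
    }
    profile B-PPP-clients {                   # assumed profile name
        authentication-order radius;
        radius-server {
            192.0.2.5 {                       # primary, reached through instance B
                secret "<ppp-secret-B>";
                routing-instance B;
            }
            192.0.2.6 {                       # backup for this profile
                secret "<ppp-secret-B>";
                routing-instance B;
            }
        }
    }
}
interfaces {
    at-0/0/0 {
        unit 0 { ppp-options { chap { access-profile A-PPP-clients; } } }
        unit 1 { ppp-options { chap { access-profile A-PPP-clients; } } }
        unit 2 { ppp-options { chap { access-profile B-PPP-clients; } } }
        unit 3 { ppp-options { chap { access-profile B-PPP-clients; } } }
    }
}
```

Giving the login servers and each customer profile their own shared secret keeps a secret exposed in one customer network from being usable against the router's login servers or the other customer's RADIUS servers.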