Configuring RADIUS Servers
You must configure RADIUS servers before you can configure a RADIUS network element. A network element is a load-balanced group of RADIUS servers providing policy management for TDF subscribers.
To configure a RADIUS server:
- Configure a name for the RADIUS server.
  [edit access radius]
  user@host# set servers name
- Specify the IP address of the RADIUS server.
  [edit access radius servers name]
  user@host# set address server-address
- Configure an interface and IPv4 address to specify the source for RADIUS requests. The MX Series router sends RADIUS requests to the RADIUS server using this source address.
  [edit access radius servers name]
  user@host# set source-interface interface [ipv4-address address]
- Configure a shared secret (password) to be used by the MX Series router and the RADIUS server.
  [edit access radius servers name]
  user@host# set secret password
- Configure the port number to which the RADIUS requests are sent.
  [edit access radius servers name]
  user@host# set port port-number
- Specify the RADIUS server port number to which the MX Series router sends RADIUS accounting-start and accounting-stop requests. RADIUS accounting-start and accounting-stop requests are used when the RADIUS server is not able to initiate a change of authorization (CoA) request without an accounting record.
  [edit access radius servers name]
  user@host# set accounting-port port-number
- Configure the secret password to be used when sending accounting-start requests to the RADIUS server if the accounting secret password is different from the authentication secret password. RADIUS accounting-start requests are used when the RADIUS server is not able to initiate a CoA request without an accounting record.
  [edit access radius servers name]
  user@host# set accounting-secret password
- Configure the number of attempts to contact the RADIUS server that the MX Series router is allowed to make when it does not receive a response to its initial request. You can specify from 1 through 10 retries. The default is 3.
  [edit access radius servers name]
  user@host# set retry attempts
- Configure the amount of time that the MX Series router waits to receive a response from a RADIUS server before retrying a request. By default, the MX Series router waits 3 seconds. You can configure the timeout to be from 1 through 90 seconds.
  [edit access radius servers name]
  user@host# set timeout seconds
- Allow dynamic requests from the RADIUS server so that CoA requests can be received.
  [edit access radius servers name]
  user@host# set allow-dynamic-requests
- Configure the secret password to be used for CoA requests from the RADIUS server.
  [edit access radius servers name]
  user@host# set dynamic-requests-secret password
- Configure a limit to the number of request retries within a specified time interval that the MX Series router can send to the RADIUS server. If the number of retries reaches this limit, the RADIUS server is marked as dead, and the MX Series router begins to send requests to other RADIUS servers in the network element.
  [edit access radius servers name]
  user@host# set dead-criteria-retries retry-number interval seconds
- Configure the amount of time that must pass after a RADIUS server is first marked dead until it is marked as alive by the MX Series router. When the MX Series router marks the RADIUS server as alive, it can again send requests to the RADIUS server.
  [edit access radius servers name]
  user@host# set revert-interval seconds
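An added example, not part of the original page: a Python check that reads the finished server configuration in set-command form and flags values outside the retry and timeout ranges stated in the steps above. The server names, addresses and secrets are constructed, and the "missing secret" and "CoA allowed without dynamic-requests-secret" rules are this example's own review policy, not documented Junos requirements.

```python
import re

# Ranges stated in the procedure: retry 1-10 attempts, timeout 1-90 seconds.
RANGES = {"retry": (1, 10), "timeout": (1, 90)}
LINE = re.compile(r"^set access radius servers (\S+) (\S+)(?: (.*))?$")

# Constructed sample input: pcrf1 is complete, pcrf2 has four problems.
SAMPLE = """\
set access radius servers pcrf1 address 192.0.2.10
set access radius servers pcrf1 secret "constructed-secret-1"
set access radius servers pcrf1 retry 3
set access radius servers pcrf1 timeout 3
set access radius servers pcrf1 allow-dynamic-requests
set access radius servers pcrf1 dynamic-requests-secret "constructed-secret-2"
set access radius servers pcrf2 address 192.0.2.11
set access radius servers pcrf2 retry 12
set access radius servers pcrf2 timeout 120
set access radius servers pcrf2 allow-dynamic-requests
"""

def parse_servers(text):
    """Return {server: {statement: argument string}} from set-format lines."""
    servers = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            name, stmt, arg = m.groups()
            servers.setdefault(name, {})[stmt] = arg or ""
    return servers

def lint(text):
    """Return a sorted list of (server, finding) tuples."""
    findings = []
    for name, cfg in parse_servers(text).items():
        # Assumed policy: every server entry must carry a shared secret.
        if "secret" not in cfg:
            findings.append((name, "missing secret"))
        for stmt, (lo, hi) in RANGES.items():
            val = cfg.get(stmt)
            if val is not None and not (val.isdigit() and lo <= int(val) <= hi):
                findings.append((name, f"{stmt} {val} outside {lo}-{hi}"))
        # Assumed policy: CoA must not be allowed without its own secret.
        if "allow-dynamic-requests" in cfg and "dynamic-requests-secret" not in cfg:
            findings.append((name, "CoA allowed without dynamic-requests-secret"))
    return sorted(findings)

if __name__ == "__main__":
    for server, finding in lint(SAMPLE):
        print(f"{server}: {finding}")
```
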