Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Specifying RADIUS Server Connections on an MX Series Router in Enhanced LAN Mode

IEEE 802.1X and MAC RADIUS authentication both provide network edge security, protecting Ethernet LANs from unauthorized user access by blocking all traffic to and from devices at the interface until the supplicant's credentials or MAC address are presented and matched on the authentication server (a RADIUS server). When the supplicant is authenticated, the router stops blocking access and opens the interface to the supplicant.

Starting with Junos OS Release 14.2, to use 802.1X or MAC RADIUS authentication, you must specify the connections on the router for each RADIUS server to which you will connect.

To configure a RADIUS server on the router:

  1. Define the IP address of the RADIUS server, the RADIUS server authentication port number, and the secret password. You can define more than one RADIUS server. The secret password on the router must match the secret password on the server:
    Note:

    Specifying the authentication port is optional, and port 1812 is the default. However, we recommend that you configure it in order to avoid confusion as some RADIUS servers might refer to an older default.

  2. (Optional) Specify the IP address by which the router is identified by the RADIUS server. If you do not specify this, the RADIUS server uses the address of the interface sending the RADIUS request. We recommend that you specify this IP address because if the request gets diverted on an alternate route to the RADIUS server, the interface relaying the request might not be an interface on the router.
  3. Configure the authentication order, making radius the first method of authentication:
  4. Create a profile and specify the list of RADIUS servers to be associated with the profile. For example, you might choose to group your RADIUS servers geographically by city. This feature enables easy modification whenever you want to change to a different sent of authentication servers.
  5. Specify the group of servers to be used for 802.1X or MAC RADIUS authentication by identifying the profile name:
  6. Configure the IP address of the MX Series router in the list of clients on the RADIUS server. For specifics on configuring the RADIUS server, consult the documentation for your server.

Change History Table

Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.

Release
Description
14.2
Starting with Junos OS Release 14.2, to use 802.1X or MAC RADIUS authentication, you must specify the connections on the router for each RADIUS server to which you will connect.