JUNOS Cookbook by Aviva Garrett

2.12. Setting Up RADIUS User Authentication

Problem

You use RADIUS for user authentication in your network and you want to set up the router to authenticate against the RADIUS server.

Solution

Configure information about your RADIUS server:

	[edit system]
	aviva@router1# set radius-server 192.168.63.10 secret $1991poppI
	aviva@router1# show
	radius-server {
	    192.168.63.10 secret "$9$90m6AO1EcyKWLhcYgaZji"; ## SECRET-DATA
	}

Discussion

The Remote Authentication Dial-In User Service (RADIUS) provides a centralized method for authenticating users on the router. RADIUS uses a client/server model. A RADIUS server receives user connection requests, authenticates the user, and returns all configuration information necessary for the client—in this case, the router—to deliver service to the user. All transactions between the server and the client are authenticated by a password called a shared secret.

To configure the router as a RADIUS client, you set the IP address of your RADIUS server and the password (secret) that the router should use to access the server. The secret on the router and the RADIUS server must be the same. After you type the secret, the CLI never displays it in cleartext; instead, the show output presents it in a pseudoencrypted format. This is a simple obfuscation to prevent someone from reading the password over your shoulder.

By default, the JUNOS software sends authentication requests to UDP port 1812 on the RADIUS server, as defined in RFC 2865. Also by default, the router waits three seconds to receive ...
