Security/Authentication; Configuring Radius-Initiated Disconnect; Radius-Initiated Change Of Authorization; Change-Of-Authorization Messages - Juniper JUNOSE SOFTWARE 11.0.X - BROADBAND ACCESS CONFIGURATION GUIDE 4-1-2010 Configuration Manual

For E Series Broadband Services Routers - broadband access configuration

Security/Authentication

The RADIUS server (the disconnect client) must calculate the authenticator as specified
for an Accounting-Request message in RFC 2866. The router's RADIUS
dynamic-request server verifies the request using the authenticator calculation specified
for an Accounting-Request message in RFC 2866. A key (secret), as specified in RFC
2865, must be configured and used in the calculation of the authenticator. The
response authenticator is calculated as specified for an Accounting-Response message
in RFC 2866.
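
The authenticator rules above, worked through as an added example (not code from the Juniper manual or from JUNOSe). The helper names and the User-Name value are constructed for illustration, the key is the sample key from this page's configuration steps, and the CoA-ACK code 44 is taken from RFC 5176 rather than from this page.

```python
import hashlib
import hmac
import struct

COA_REQUEST = 43          # code listed on this page
COA_ACK = 44              # from RFC 5176; not listed on this page
ZERO_AUTH = b"\x00" * 16  # placeholder used while hashing a request


def _digest(code, ident, auth_field, attrs, secret):
    # MD5(Code + Identifier + Length + 16-octet field + attributes + secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + auth_field + attrs + secret).digest()


def attr(type_, value):
    """Encode one RADIUS attribute as Type, Length, Value."""
    return struct.pack("!BB", type_, len(value) + 2) + value


def build_request(code, ident, attrs, secret):
    """Client side: authenticator computed as for an Accounting-Request."""
    auth = _digest(code, ident, ZERO_AUTH, attrs, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs


def verify_request(packet, secret):
    """Server side: recompute over a zeroed authenticator field and compare."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return False
    packet = packet[:length]  # octets beyond Length are padding
    expected = _digest(code, ident, ZERO_AUTH, packet[20:], secret)
    return hmac.compare_digest(expected, packet[4:20])


def build_response(code, request, attrs, secret):
    """Response authenticator as for an Accounting-Response: hashes the
    request's authenticator in place of the zero field."""
    ident, req_auth = request[1], request[4:20]
    auth = _digest(code, ident, req_auth, attrs, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs


if __name__ == "__main__":
    secret = b"Secret3Clientkey"            # sample key from this page
    attrs = attr(1, b"alice@example.net")  # constructed User-Name
    req = build_request(COA_REQUEST, 7, attrs, secret)
    print(verify_request(req, secret), verify_request(req, b"wrong-key"))
```

A request built with a different key, or altered after the authenticator was computed, fails `verify_request`, which is the check the dynamic-request server relies on to accept only requests from a holder of the configured key.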

Configuring RADIUS-Initiated Disconnect

To configure the RADIUS-initiated disconnect feature, perform the following steps to set
up the RADIUS dynamic-request server that will perform the disconnect operation:

1. Configure the RADIUS dynamic-request server, and enter RADIUS Configuration
   mode.
   host1(config)#radius dynamic-request server 10.10.5.10
   host1(config-radius)#
2. Enable the RADIUS-initiated disconnect capability on the RADIUS dynamic-request
   server.
   host1(config-radius)#subscriber disconnect
3. Define the secret used in the RADIUS Authenticator field during exchanges
   between the RADIUS dynamic-request server and the RADIUS server.
   host1(config-radius)#key Secret3Clientkey
4. (Optional) Specify the UDP port on which the RADIUS dynamic-request server
   listens for messages from the RADIUS server. The default is 1700.
   host1(config-radius)#udp-port 1770

RADIUS-Initiated Change of Authorization

This section describes the RADIUS dynamic-request server's support for CoA
messages. CoA messages are used by the E Series router's RADIUS-initiated packet
mirroring feature, which is described in the Configuring RADIUS-Based Mirroring
chapter in JUNOSe Policy Management Configuration Guide, and by Service Manager,
which is described in "Configuring Service Manager" on page 635 of this guide.

Change-of-Authorization Messages

The RADIUS dynamic-request server receives and processes the unsolicited CoA
messages from RADIUS servers. The RADIUS-initiated CoA feature uses the following
codes in its RADIUS request and response messages:
CoA-Request (43)
Chapter 4: Configuring RADIUS Dynamic-Request Server
