Table of Contents
Advertisement
JunosE 11.2.x Broadband Access Configuration Guide
Server Access
Server Request Processing Limit
18
If another authentication server is not configured, the router attempts the next method
in the method list; for accounting server requests, the information is dropped.
For example, suppose that you have configured the following authentication servers:
Auth1, Auth2, Auth3, Auth4, and Auth5. Your router attempts to send an authentication
request to Auth1. If Auth1 is unavailable, the router submits the request to Auth2, then
Auth3, and so on until an available server is found. If Auth5, the last configured
authentication server, is not available, the router attempts the next method in the methods
list. If the only method configured is RADIUS, then the router notifies the client that the
request has been denied.
The router offers two options by which servers are accessed:
Direct—The first authentication or accounting server that you configure is treated as
the primary authentication or accounting server, the next server configured is the
secondary, and so on.
Round-robin—The first configured server is treated as a primary for the first request,
the second server configured as primary for the second request, and so on. When the
router reaches the end of the list of servers, it starts again at the top of the list until it
comes full cycle through the list.
Use the radius algorithm command to specify the server access method.
When you configure the first RADIUS accounting server, a RADIUS Acct-On message is
sent. When you delete the last accounting server, a RADIUS Acct-Off message is sent.
You can configure RADIUS authentication servers and accounting servers to use different
UDP ports on the router. This enables the same IP address to be used for both an
authentication server and an accounting server. However, you cannot use the same IP
address for multiple authentication servers or for multiple accounting servers.rs.
NOTE: For information about the number of concurrent RADIUS requests that the router
supports for authentication and accounting servers, see JunosE Release Notes, Appendix
A, System Maximums.
The E Series router listens to a range of UDP source (or local) ports for RADIUS responses.
Each UDP source port supports a maximum of 255 RADIUS requests. When the 255
per-port limit is reached, the router opens the next source port. When the max-sessions
command limit is reached, the router submits the request to the next configured server.
Table 4 on page 19 lists the range of UDP ports the router uses for each type of RADIUS
request.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
Troubleshooting
