Chapter 3 Configuring Radius Attributes; Radius Overview - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - BROADBAND ACCESS CONFIGURATION GUIDE 2010-10-12 Configuration Manual

CHAPTER 3
Configuring RADIUS Attributes

RADIUS Overview

Copyright © 2010, Juniper Networks, Inc.
This chapter identifies the Remote Authentication Dial-In User Service (RADIUS) attributes
that JunosE Software supports and describes the RADIUS attributes you can configure
with the command-line interface (CLI). RADIUS attributes are discussed in the following
sections:
RADIUS Overview on page 167
RADIUS Platform Considerations on page 168
RADIUS References on page 169
Subscriber AAA Access Messages on page 169
Subscriber AAA Accounting Messages on page 177
DSL Forum VSAs in AAA Access and Accounting Messages on page 186
CLI AAA Messages on page 187
CLI Commands Used to Modify RADIUS Attributes on page 188
RADIUS is a distributed client/server that protects networks against unauthorized access.
RADIUS clients running on a Juniper Networks E Series Broadband Services Router send
authentication requests to a central RADIUS server.
You can access the RADIUS server through either a subscriber line or the CLI.
NOTE: For CLI/telnet users only-For CLI security, the router supports the
RADIUS Access-Challenge message. The RADIUS server uses this message
to send the user a challenge requiring a response. The router then displays
the single reply message and attempts to authenticate the user with the new
response as the password.
The central RADIUS server stores all the required user authentication and network access
information. RADIUS informs the router of the privilege levels for which
RADIUS-authenticated users have enable access. The router permits or denies enable
access accordingly.
167