UDP Checksums
Collecting Accounting Statistics
Configuring RADIUS AAA Servers
Copyright © 2010, Juniper Networks, Inc.
Each virtual router on which you configure B-RAS is enabled to perform UDP checksums
by default. You can disable and reenable UDP checksums.
You can use the aaa accounting statistics command to specify how the AAA server
collects statistics on the sessions it manages. Use the volume-time keyword to specify
that AAA notifies applications to collect a full set of statistics from each of their
connections. Use the time keyword to specify that only the uptime status is collected
for each connection. Collecting only uptime information reduces the amount of data sent
to AAA and is a more efficient use of system resources for customers that do not need
a full set of statistics. The router collects a full set of statistics by default.
The number of RADIUS servers you cansure configure depends on available memory.
The router has an embedded RADIUS client for authentication and accounting.
NOTE: You can configure B-RAS with RADIUS accounting, but without
RADIUS authentication. In this configuration, the username and password
on the remote end are not authenticated and can be set to any value.
You must assign an IP address to a RADIUS authentication or accounting server to
configure it.
If you do not configure a primary authentication or accounting server, all authentication
and accounting requests will fail. You can configure other servers as backup in the event
that the primary server cannot be reached. Configure each server individually.
To configure an authentication or accounting RADIUS server:
Specify the authentication or accounting server address.
1.
host1(config)#radius authentication server 10.10.10.1
host1(config-radius)#
or
host1(config)#radius accounting server 10.10.10.6
host1(config-radius)#
(Optional) Specify a UDP port for RADIUS authentication or accounting server requests.
2.
host1(config-radius)#udp-port 1645
Specify an authentication or accounting server secret.
3.
host1(config-radius)#key gismo
(Optional) Specify the number of retries the router makes to an authentication or
4.
accounting server before it attempts to contact another server.
host1(config-radius)#retransmit 2
(Optional) Specify the number of seconds between retries.
5.
Chapter 1: Configuring Remote Access
23