Introduction: RADIUS (Remote Authentication Dial-In User Service) is a widely used protocol for authenticating and authorizing remote users. Configuring RADIUS on Juniper switches using logical interfaces such as VLAN (Virtual LAN) or IRB (Integrated Routing and Bridging) allows for centralized authentication and improved network security. This article provides a step-by-step guide, including an example and full script, to configure RADIUS on Juniper switches using logical interfaces.
Before proceeding, ensure that you have the necessary RADIUS server details, including the IP address or hostname, RADIUS server port, and shared secret.
Step 1: Access the Juniper Switch
Connect to the Juniper switch using a console cable or through SSH/Telnet.
Step 2: Enter Configuration Mode
Enter the configuration mode by typing the following command:
configure
Step 3: Configure RADIUS Server Details
Configure the RADIUS server details, including the IP address or hostname, RADIUS server port, and shared secret. Replace the placeholder values with the actual details relevant to your RADIUS server.
set system radius-server <server-ip> port <port-number>
set system radius-server <server-ip> secret "<shared-secret>"
Example:
set system radius-server 10.0.0.1 port 1812
set system radius-server 10.0.0.1 secret "radius_secret"
Step 4: Create the Logical Interface (VLAN or IRB)
Create the logical interface using either a VLAN or IRB, depending on your network setup.
- Creating a VLAN Interface:
set vlans <vlan-name> vlan-id <vlan-id>
set vlans <vlan-name> l3-interface <interface-name>
Example:
set vlans VLAN10 vlan-id 10
set vlans VLAN10 l3-interface irb.10
- Creating an IRB Interface:
set interfaces irb unit <unit-number> family inet address <ip-address>/<subnet-mask>
Example:
set interfaces irb unit 10 family inet address 192.168.10.1/24
Step 5: Configure RADIUS Authentication on the Logical Interface
Specify the RADIUS authentication parameters for the logical interface.
set interfaces <interface-name> unit <unit-number> family inet authentication-order [ radius password ]
Example:
set interfaces irb unit 10 family inet authentication-order [ radius password ]
Step 6: Commit Configuration Changes
Commit the configuration changes to make them effective.
commit
Complete Configuration Example:
configure
set system radius-server 10.0.0.1 port 1812
set system radius-server 10.0.0.1 secret "radius_secret"
set vlans VLAN10 vlan-id 10
set vlans VLAN10 l3-interface irb.10
set interfaces irb unit 10 family inet address 192.168.10.1/24
set interfaces irb unit 10 family inet authentication-order [ radius password ]
commit
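A pre-paste check for set commands like the ones above, as an added example that is not part of the original article: it flags typographic quotes picked up from web pages or documents, RADIUS servers with a missing or short shared secret, and VLANs whose l3-interface points at an irb unit with no address. The function name, the sample input (constructed) and the 16-character threshold (taken from the RFC 2865 recommendation) are assumptions of this example.

```python
import re

CURLY = "\u201c\u201d\u2018\u2019"  # quotes substituted by word processors and web pages
MIN_SECRET_LEN = 16  # assumption: RFC 2865 prefers shared secrets of at least 16 octets

# Constructed sample: curly quotes on line 2, no secret for 10.0.0.2, no irb unit 20.
SAMPLE = (
    "set system radius-server 10.0.0.1 port 1812\n"
    "set system radius-server 10.0.0.1 secret \u201cradius_secret\u201d\n"
    "set system radius-server 10.0.0.2 port 1812\n"
    "set vlans VLAN10 l3-interface irb.10\n"
    "set vlans VLAN20 l3-interface irb.20\n"
    "set interfaces irb unit 10 family inet address 192.168.10.1/24\n"
)

def lint_junos_set(text):
    """Return sorted (line_no, message) findings for a block of Junos set commands."""
    findings = []
    servers = {}       # server address -> {"line": last relevant line, "secret": value or None}
    l3_refs = {}       # irb unit named by a VLAN l3-interface -> line number
    irb_units = set()  # irb units that were given an inet address
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if any(ch in line for ch in CURLY):
            findings.append((no, "typographic quote in command"))
        m = re.match(r"set system radius-server (\S+)(?: secret (.+))?", line)
        if m:
            entry = servers.setdefault(m.group(1), {"line": no, "secret": None})
            if m.group(2) is not None:
                entry["line"] = no
                entry["secret"] = m.group(2).strip('"' + CURLY)
        m = re.match(r"set vlans \S+ l3-interface irb\.(\d+)$", line)
        if m:
            l3_refs.setdefault(m.group(1), no)
        m = re.match(r"set interfaces irb unit (\d+) family inet address \S+", line)
        if m:
            irb_units.add(m.group(1))
    for addr, entry in servers.items():
        if entry["secret"] is None:
            findings.append((entry["line"], f"radius-server {addr} has no secret"))
        elif len(entry["secret"]) < MIN_SECRET_LEN:
            findings.append((entry["line"], f"radius-server {addr} secret under {MIN_SECRET_LEN} characters"))
    for unit, no in l3_refs.items():
        if unit not in irb_units:
            findings.append((no, f"irb.{unit} referenced but has no inet address"))
    return sorted(findings)

if __name__ == "__main__":
    for line_no, message in lint_junos_set(SAMPLE):
        print(f"line {line_no}: {message}")
```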
The link below covers configuring RADIUS using a Layer 3 interface:
How to configure radius on Juniper switches – IP-NETWORK-BASICS (ipnetworkbasics.com)