Junos OS


Ask questions and share experiences about Junos OS.
  • 1.  MX204 - Radius Configuration Question

    Posted 03-18-2022 09:47
    Edited by Michael Pappas 03-18-2022 13:57

    Hello,

    A quick question about RADIUS server configuration on MX204 routers running Junos version 19.4R3.11.

    We want to configure a RADIUS server for authentication, using an FQDN.
    Our RADIUS server has 3 IP addresses. So using an FQDN seems a better idea, because we only have to configure one radius-server (versus 3 using IP addresses).


    But when I configure RADIUS using the FQDN:
    set system radius-server radiusFQDN port 1812

    The router resolves the name and the configuration is written with one of the 3 IPs:
    radius-server {
            X.X.X.X {
                port 1812;
            }
    }


    And it's the IP that answered when the router resolved the FQDN.

    For example, I configure another command using the FQDN:

    set system radius-server radiusFQDN accounting-port 1813

    If the router resolves another of the 3 IPs, it creates another RADIUS server:

    radius-server {
            X.X.X.X {
                port 1812;
            }
            Y.Y.Y.Y {
                accounting-port 1813;
            }
    }


    So my questions are simple:
    - Can I configure a RADIUS server using an FQDN on MX204 (release 19.4R3.11), or do I have to use the IP addresses?
    - If I can use an FQDN, how can I do it?
    - And is there an "auto-resolution" for names to disable, or something?

    Thanks for your help!   o/



    ------------------------------
    Thibaut Westelynck
    ------------------------------


  • 2.  RE: MX204 - Radius Configuration Question

    Posted 03-19-2022 08:36
    Unfortunately, when you use an FQDN for this type of configuration on the SRX, it simply converts it to the resolved IP address during the commit process.

    So for this type of setup you need some kind of load balancer with a fixed IP address that then chooses which of the three actual servers gets the request in order to have that kind of redundancy.

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------
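
Added example, not part of either post: since the name is replaced by a single resolved address at commit time, one way to avoid the split stanzas shown in the question is to configure every address explicitly with both ports. The sketch below parses `display set` style lines and plans the commands needed; the 192.0.2.x addresses and the sample lines are constructed, `resolve_all`, `parse_servers` and `plan` are hypothetical helper names, and the per-server shared secret is left out and has to be set separately.

```python
import ipaddress
import re
import socket

# Matches e.g.: set system radius-server 192.0.2.10 accounting-port 1813
SET_RE = re.compile(r"^set system radius-server (\S+) (port|accounting-port) (\d+)$")

def resolve_all(fqdn):
    """Return every IPv4 address behind the name (needs live DNS)."""
    infos = socket.getaddrinfo(fqdn, None, socket.AF_INET, socket.SOCK_DGRAM)
    return sorted({info[4][0] for info in infos}, key=ipaddress.ip_address)

def parse_servers(display_set_text):
    """Map server address -> {option: value} from 'display set' lines."""
    servers = {}
    for line in display_set_text.splitlines():
        m = SET_RE.match(line.strip())
        if m:
            servers.setdefault(m.group(1), {})[m.group(2)] = int(m.group(3))
    return servers

def plan(current, wanted_ips, port=1812, acct_port=1813):
    """Commands so that each wanted address carries both ports, and
    addresses that are no longer wanted are removed."""
    want = {"port": port, "accounting-port": acct_port}
    cmds = []
    for ip in wanted_ips:
        have = current.get(ip, {})
        for opt, val in want.items():
            if have.get(opt) != val:
                cmds.append(f"set system radius-server {ip} {opt} {val}")
    for ip in current:
        if ip not in wanted_ips:
            cmds.append(f"delete system radius-server {ip}")
    return cmds

# Constructed sample: the split result described in the question
# (one address got the auth port, another got the accounting port).
SAMPLE = """\
set system radius-server 192.0.2.10 port 1812
set system radius-server 192.0.2.11 accounting-port 1813
"""
# Constructed stand-in for resolve_all("radiusFQDN") so this runs offline.
WANTED = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]

if __name__ == "__main__":
    for cmd in plan(parse_servers(SAMPLE), WANTED):
        print(cmd)
```

Rerunning the comparison against a fresh `resolve_all()` result also shows when the DNS records have changed since the last commit, which the router itself will not notice.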