Hello,
I configured the system login to use a RADIUS server first:
system {
authentication-order [ radius password ];
radius-server {
<ipradius1> {
port 1812;
accounting-port 1813;
secret "keepitsecret!"; ## SECRET-DATA
timeout 10;
retry 2;
source-address aaa.bbb.ccc.ddd;
}
<ipradius2> {
port 1812;
accounting-port 1813;
secret "keepitsecret!!!"; ## SECRET-DATA
timeout 10;
retry 2;
source-address aaa.bbb.ccc.ddd;
}
}
radius-options {
password-protocol mschap-v2;
}
accounting {
events [ login change-log interactive-commands ];
destination {
radius;
}
}
login {
user remote-admin {
uid 2500;
class super-user;
}
}
}
Despite I specified the sorce-address statement, looking at the RADIUS server logs, I can see that the access-device IP
and the Radius:IETF:NAS-IP-Address
is different from aaa.bbb.ccc.ddd mentioned before.
In the device are configured:
irb {
unit 254 {
family inet {
address aaa.bbb.ccc.ddd/24;
}
}
}
vme {
unit 0 {
family inet {
address eee.fff.ggg.hhh/24;
}
}
}
and the connections to the RADIUS look to coming from eee.fff.ggg.hhh
I tried to ping my RADIUS from both interfaces but it looks reachable just from irb.254
Current routing does not use vme:
run show route
inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/5] 316w3d 23:11:46
> to aaa.bbb.ccc.1 via irb.254
eee.fff.ggg.hhh/32 *[Local/0] 316w3d 23:12:07
Reject
aaa.bbb.ccc.0/24 *[Direct/0] 316w3d 23:11:46
> via irb.254
aaa.bbb.ccc.ddd/32 *[Local/0] 316w3d 23:12:08
Local via irb.254
So I can I fix this issue? Why the switch is still using vme even if il looks that the radius is unreachable?
Thanks