Juniper MX Radius 服务器配置:未配置身份验证服务器列表

网络工程 路由器 验证 半径 瞻博网络
2021-07-11 16:02:07

在 MX 路由器上,我配置了 DHCP 服务器和半径服务器身份验证。不幸的是,它还没有工作。在另一个 MX 路由器上,我配置了相同的配置并且它工作正常。

请参阅以下来自 authlog 日志的日志。它看到一个请求进来并设置半径访问请求。但是当它想将请求发送到半径服务器时,它说没有配置身份验证服务器。这很奇怪,因为我已经在“访问”下对其进行了配置:

radius-server {
    xx.xx.xx.xx {
        secret "secret"; ## SECRET-DATA
        source-address yy.yy.yy.yy;
    }
}


Mar  2 15:36:55.368548 radius-access-request: User-Name added: core-nkh-03.xe-0/0/3:1035
Mar  2 15:36:55.368616 radius-access-request: Service-Type added: 2
Mar  2 15:36:55.368675 radius-access-request: Chargeable-User-Identity added:
Mar  2 15:36:55.368729 radius-access-request: Acct-Session-Id added:   1039
Mar  2 15:36:55.368829 radius-access-request: DHCP-Options (Juniper-ERX-VSA) added: 35 01 01 etc
Mar  2 15:36:55.368892 radius-access-request: DHCP-MAC-Address (Juniper-ERX-VSA) added: 906c.acd1.acfb
Mar  2 15:36:55.368946 radius-access-request: NAS-Identifier added: core-nkh-03
Mar  2 15:36:55.369000 radius-access-request: NAS-Port added: 00 c0 04 0b
Mar  2 15:36:55.369046 radius-access-request: NAS-Port-Id added: xe-0/0/3.1073742606:1035
Mar  2 15:36:55.369096 radius-access-request: NAS-Port-Type added: 15
Mar  2 15:36:55.369155 authd_create_application_specific_radius_server: No authentication-server list configured
Mar  2 15:36:55.369198 authd_auth_module_start: result = 4 start_auth; state = 0
Mar  2 15:36:55.369237 authd_auth_module_start: Error in calling the start_auth
Mar  2 15:36:55.369278 REQUEST: AUTHEN - module_index 0 module(radius) return: SERVER
Mar  2 15:36:55.369330 Framework: auth result is 12. Performing post-auth operations
Mar  2 15:36:55.369370 Framework: result is 12.
Mar  2 15:36:55.369412 authd_auth_send_answer: conn=2c3d000, reply-code=3 (TIMEOUT), result-subopcode=12 (ACCESS_TIMEOUT), sub-id=1039, cookie=65795, rply_len=28, num_tlv_blocks=0
Mar  2 15:36:55.369480 Delete session: 1039
Mar  2 15:36:55.369523 Begin to logout Subscriber
Mar  2 15:36:55.369606 Removing client snapshot

那么,我在这里错过了什么?

<---->

@约旦

show configuration access 
radius-server {
    10.10.10.18 {
        secret "$9$secret"; ## SECRET-DATA
        source-address 10.10.10.10;
    }
}
domain-name-server-inet {
    10.10.10.18
    10.10.10.19;
}
profile local-kpn {
    accounting-order radius;
    authentication-order radius;
    accounting {
        order radius;
    }
}
address-assignment {
    pool local-kpn {
        family inet {
            network 20.20.20.0/25;
            dhcp-attributes {
                maximum-lease-time 3600;
                router {
                    20.20.20.1;
                }
            }
        }
    }
}

show configuration access-profile 
    local-kpn;

我觉得不错吧?

1个回答

3 月 2 日 15:36:55.369155 authd_create_application_specific_radius_server:未配置身份验证服务器列表

您似乎错过了“profile local-kpn”中的半径服务器。尝试以下配置:

profile local-kpn {  
    accounting-order radius;  
    authentication-order radius;  
    radius {  
        authentication-server 10.10.10.18;  
        accounting-server 10.10.10.18;  
    }      
    accounting {  
        order radius;  
    }  
}
其它你可能感兴趣的问题
上一篇如何在 Cisco ASR1002 上使用 SNMP 命令从交换机复制运行配置? 下一篇IP SLA 命令不可用,替代方法?