Juniper Networks EX2500 User Manual

EX2500 Ethernet Switch Configuration Guide

Securing Access to the Switch

3. If desired, you may change the default UDP port number used to listen to
RADIUS. The well-known port for RADIUS is 1812.

ex2500(config)# radius-server port <UDP port number>

4. Configure the number of retry attempts for contacting the RADIUS server, and
the timeout period.

ex2500(config)# radius-server retransmit 3
ex2500(config)# radius-server timeout 5

RADIUS Authentication Features in the EX2500 Switch

The EX2500 switch supports the following RADIUS authentication features:

- Supports a RADIUS client on the switch, based on the protocol definitions in
  RFC 2138 and RFC 2866.

- Allows a RADIUS secret password of up to 32 bytes and less than 16 octets.

- Supports a secondary authentication server so that when the primary
  authentication server is unreachable, the switch can send client authentication
  requests to the secondary authentication server. Use the following command to
  show the currently active RADIUS authentication server:

ex2500# show radius-server

- Supports user-configurable RADIUS server retry and time-out values:

  - Time-out value = 1 to 10 seconds

  - Retries = 1 through 3

The switch will time out if it does not receive a response from the RADIUS
server in 1 through 3 retries. The switch will also automatically retry
connecting to the RADIUS server before it declares the server down.

- Supports a user-configurable RADIUS application port. The default is
  1812/UDP, based on RFC 2138. Port 1645 is also supported.

- Allows the network administrator to define privileges for one or more specific
  users to access the switch at the RADIUS user database.
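
An added example, not from the Juniper guide: a small Python check that reads `radius-server` lines from a saved configuration and flags values outside the ranges listed above (retries 1 through 3, time-out 1 to 10 seconds) and ports other than 1812 or 1645. The function name, the sample configuration and the wording of the findings are assumptions made for illustration.

```python
import re

# Ranges as stated on this page of the guide; 1-65535 is the valid UDP port range.
LIMITS = {"retransmit": (1, 3), "timeout": (1, 10), "port": (1, 65535)}
DOCUMENTED_PORTS = {1812, 1645}  # default per RFC 2138, plus the other supported port

# Matches "radius-server <keyword> <value>", with or without the CLI prompt.
LINE_RE = re.compile(r"^(?:\S+\(config\)#\s*)?radius-server\s+(\S+)\s+(\S+)$")

def audit_radius_config(text):
    """Return (settings, findings) for the radius-server lines in `text`."""
    settings, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(raw.strip())
        if not m or m.group(1) not in LIMITS:
            continue  # not one of the three settings covered here
        key, value = m.groups()
        if not re.fullmatch(r"[0-9]+", value):
            findings.append(f"line {lineno}: {key} value {value!r} is not a number")
            continue
        num = int(value)
        low, high = LIMITS[key]
        if not low <= num <= high:
            findings.append(f"line {lineno}: {key} {num} outside {low}-{high}")
            continue
        if key in settings:
            findings.append(f"line {lineno}: {key} set more than once, last value kept")
        settings[key] = num
    port = settings.get("port", 1812)  # an unset port means the default
    if port not in DOCUMENTED_PORTS:
        findings.append(f"port {port} is not 1812 or 1645; confirm the server listens there")
    return settings, findings

# Constructed sample input, not taken from a real switch.
SAMPLE = """\
ex2500(config)# radius-server port 1645
ex2500(config)# radius-server retransmit 5
ex2500(config)# radius-server timeout 5
"""

if __name__ == "__main__":
    settings, findings = audit_radius_config(SAMPLE)
    print(settings)
    for finding in findings:
        print("FINDING:", finding)
```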
