Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

How Does Authentication Work When Radius Fails Over



Article ID: KB7826 KB Last Updated: 23 Jun 2010Version: 4.0
An external authentication server using Radius with redundant radius servers.
How does authentication flow when Radius fails on the primary server?

By default, when authentication requires proxying to an external radius server, the radius request is first sent to the primary server.  If there is no acceptable response from the primary server, the NetScreen sends the request to the backup1 server.  If backup1 is not reachable, it sends the request to backup2. 

For all radius connections, the NetScreen tries to use the latest active Radius server.  For example, assume the primary radius server fails.  For all subsequent connections, it tries to use the backup1 server.  Even if the primary radius server comes back online, the radius request still goes to the backup1 server, until the backup1 server fails. Then, the primary radius server accepts the authentication requests.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search