1. Sign on to Juniper with your administrator ID and password.
  2. In the left-hand navigation pane, go to Authentication > Auth. Servers.
    A screen capture of the Authentication Servers window showing the New list with the buttons New Server and Delete and a table with a header row that shows Authentication/Authorization Servers, Type, User Record Synchronization, and Logical Auth Server Name. There is a check box column at the left most side. Example servers Administrators and System Local appear as separate entries under the Authentication/Authorization Servers column. Under the Type column, there are two entries for Local Authentication. The columns for User Record Synchronization and Logical Auth Server Name have no entries..The row that contains the System Local entry has a check box in the left most column.
  3. From the New list, select RADIUS Server, and then click New Server.
    The New Radius Server window opens.

    A screen capture of the New Radius Server window. The window includes the Name and NAS-Identifier fields followed by sections for Primary Server and Backup Server. The Primary Server section includes fields for Radius Server, Authentication Port, Shared Secret, Accounting Port, NAS-IP-Address, Timeout, and Retries. There is also a check box option for Users authenticate using tokens or one-time passwords with the note: "If you select this, the device will send the user's authentication method as 'token' if you use SAML, and this credential will not be used in automatic SSO in backend applications. In this screen capture, the Backup Server section includes the specification that it is required only if Backup server exists and fields for Radius Server, Authentication Port, Shared Secret, and Accounting Port.
  4. In the New Radius Server window, enter the following information:
    1. In the Name field, enter the RADIUS Server name.
    2. In the NAS-Identifier field, enter the name of the device as known to the RADIUS server.
    3. In the Radius Server field, enter the DNS name or IP address of the RADIUS server password credential validator (PCV).
    4. In the Authentication Port field, enter the port configured in the RADIUS server PCV. The default value is 1812.
    5. In the Shared Secret field, enter the shared secret configured in the RADIUS server PCV.
    6. In the Accounting Port field, enter the port used for RADIUS accounting.
      Note:

      The default value is 1813 and should not be changed.

    7. In the Timeout field, enter 60.

      The default value is 30.

      Note:

      The Timeout field determines the amount of time in seconds before the connection is timed out.

  5. Click Save Changes.
    The Custom Radius Rules section is enabled.

    A screen capture of the Custom Radius Rules section.
  6. Click New Radius Rule.
    The following window is didplayed:
    A screen capture of the Add Custom Radius Rule window showing the configuration details from the previous configuration steps.
  7. In the Add Custom Radius Rule window, enter the following information:
    1. In the Name field, enter Offline.
    2. From the Response Packet Type list, select Access Challenge.

      This is the default value.

    3. Select the Show Generic Login Page check box.
  8. Click Save Changes.