As an example, I will configure RADIUS on a Juniper MX204.
First, check the installed licenses:
    show system license usage
I got the following output:
                                     Licenses     Licenses    Licenses    Expiry
      Feature name                       used    installed      needed
      subscriber-accounting                 1            1           0    permanent
      subscriber-authentication             0            1           0    permanent
      subscriber-address-assignment         1            1           0    permanent
      subscriber-vlan                       0            1           0    permanent
      subscriber-ip                         0            1           0    permanent
      service-dc                            0            1           0    permanent
      service-accounting                    0            1           0    permanent
      service-qos                           0            1           0    permanent
      service-ancp                          0            1           0    permanent
      service-cbsp                          0            1           0    permanent
      scale-subscriber                      0        64000           0    permanent
      scale-l2tp                            0         1000           0    permanent
Examples of viewing the current RADIUS settings:
    configure
    run show configuration access
    run show configuration access profile CLIENTS
    edit access
    show
Enter the access hierarchy:
    edit access
Create a profile, for example named CLIENTS (the commented-out commands can be used if needed):
    set profile CLIENTS authentication-order radius
    set profile CLIENTS accounting-order radius
    set profile CLIENTS radius authentication-server 192.168.5.2
    set profile CLIENTS radius accounting-server 192.168.5.2
    set profile CLIENTS radius options nas-identifier juniper-dhcp
    #set profile CLIENTS radius options calling-station-id-format mac-address
    #set profile CLIENTS radius options revert-interval 3
    #set profile CLIENTS radius options client-authentication-algorithm round-robin
    #set profile CLIENTS radius options client-accounting-algorithm round-robin
    set profile CLIENTS radius-server 192.168.5.2 secret it39.su
    set profile CLIENTS radius-server 192.168.5.2 port 1812
    set profile CLIENTS radius-server 192.168.5.2 accounting-port 1813
    set profile CLIENTS radius-server 192.168.5.2 timeout 20
    set profile CLIENTS radius-server 192.168.5.2 retry 5
    set profile CLIENTS radius-server 192.168.5.2 source-address 192.168.5.8
    #set profile CLIENTS radius-server 192.168.5.2 max-outstanding-requests 500
    set profile CLIENTS accounting order radius
    set profile CLIENTS accounting immediate-update
    set profile CLIENTS accounting coa-immediate-update
    set profile CLIENTS accounting update-interval 10
    set profile CLIENTS accounting statistics volume-time
    set profile CLIENTS service accounting-order radius
    #set radius-disconnect 192.168.5.2
    exit
    #set system radius-server 129.168.5.2 secret it39.su
I will describe some of the parameters I specified:
In global mode, specify the profile that was created:
    set access-profile CLIENTS
Examples of viewing statistics:
    show network-access aaa statistics accounting
    show network-access aaa statistics accounting detail
    show network-access aaa statistics address-assignment client
    show network-access aaa statistics address-assignment pool 17217
    show network-access aaa statistics authentication detail
    show network-access aaa statistics radius
    show network-access aaa statistics radius detail
    show network-access aaa statistics dynamic-requests
    show network-access aaa radius-servers detail
    show network-access aaa subscribers username 5ca6.e63d.d141
    show network-access aaa subscribers session-id 5
    show route protocol access-internal
    show subscribers
    show subscribers vlan-id 220
    show subscribers subscriber-state active
    show subscribers address 172.17.1.5 detail
    show subscribers interface demux0.3221225477 detail
    show interfaces demux0.3221225477 extensive
    test aaa dhcp ...
For diagnostics, more detailed logs can be written to a separate file (only on a test device, because a lot of detailed log output is written for every client, which must not be done on a device with many clients):
    edit system processes general-authentication-service
    set traceoptions file IT39 size 10m
    set traceoptions flag radius
    #set traceoptions flag all
    #set traceoptions filter user *ixnfo.com
    show
    exit
Check the configuration and apply it:
    commit check
    commit
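Before committing, the profile's set commands can be checked offline for servers that are referenced without a secret, short plaintext secrets, and a missing source-address. The script below is an added example, not part of the original article or of Junos; the function name `audit_profile`, the 16-character minimum and the source-address requirement are assumptions standing in for local policy.

```python
MIN_SECRET_LEN = 16  # assumption: local policy value, not a Junos limit

# Constructed sample: commands from this page as typed under "edit access".
SAMPLE = """\
set profile CLIENTS radius authentication-server 192.168.5.2
set profile CLIENTS radius accounting-server 192.168.5.2
set profile CLIENTS radius-server 192.168.5.2 secret it39.su
set profile CLIENTS radius-server 192.168.5.2 source-address 192.168.5.8
#set profile CLIENTS radius-server 192.168.5.2 max-outstanding-requests 500
"""


def audit_profile(text, profile):
    """Return findings (strings) for one access profile; empty list means clean."""
    referenced, servers = set(), {}
    for line in text.splitlines():
        words = line.split()
        if not words or words[0] != "set":      # skips blanks and "#set ..." lines
            continue
        words = words[1:]
        if words[:1] == ["access"]:             # also accept top-level "set access ..."
            words = words[1:]
        if words[:2] != ["profile", profile]:
            continue
        rest = words[2:]
        if rest[:1] == ["radius"] and rest[1:2] in (["authentication-server"],
                                                    ["accounting-server"]):
            referenced.update(w for w in rest[2:] if w not in ("[", "]"))
        elif rest[:1] == ["radius-server"] and len(rest) >= 4:
            servers.setdefault(rest[1], {})[rest[2]] = rest[3]
    findings = []
    for ip in sorted(referenced):
        opts = servers.get(ip, {})
        if "secret" not in opts:
            findings.append(f"{ip}: referenced by the profile but has no secret")
            continue
        # RADIUS keys its MD5 authenticators with this secret; "$9$" values are skipped.
        secret = opts["secret"].strip('"')
        if not secret.startswith("$9$") and len(secret) < MIN_SECRET_LEN:
            findings.append(f"{ip}: shared secret shorter than {MIN_SECRET_LEN} characters")
        if "source-address" not in opts:        # assumption: policy requires pinning it
            findings.append(f"{ip}: no source-address set for RADIUS requests")
    for ip in sorted(set(servers) - referenced):
        findings.append(f"{ip}: radius-server defined but not referenced")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_profile(SAMPLE, "CLIENTS")))
```

The length check only means something for commands as typed; in saved configuration the secret appears as an encrypted `$9$` string, which the script skips.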