Question 5 - JN0-636 discussion

According to the output of the traceoptions file called radius, the source of the problem is that the RADIUS server IP address is unreachable. This is indicated by the line FAILURE: sendto: No route to host, which shows that the SRX device cannot send the authentication request to the RADIUS server.

This could be due to a network issue, such as a misconfigured route, a firewall blocking the traffic, or a physical link failure.

To troubleshoot this issue, the user should check the following:

The RADIUS server IP address and port are correctly configured on the SRX device. The user can verify this by using the command show configuration access radius-server1.

The SRX device can ping the RADIUS server IP address. The user can use the command ping <RADIUSserver-IP> to test the connectivity2.

The SRX device has a valid route to the RADIUS server IP address. The user can use the command show route <RADIUS-server-IP> to check the routing table3.

The SRX device and the RADIUS server are using the same shared secret key. The user can verify this by using the command show configuration access radius-server secret1.

The SRX device and the RADIUS server are using the same authentication protocol. The user can verify this by using the command show configuration access profile <profile-name>4.

The firewall policies on the SRX device and any intermediate devices are allowing the RADIUS traffic. The user can use the command show security policies from-zone <source-zone> to-zone <destination-zone> to check the firewall policies5.

Reference: 1: Configuring RADIUS Server Parameters 2: ping - Technical Documentation - Support -Juniper Networks 3: show route - Technical Documentation - Support - Juniper

Networks 4: Configuring Authentication Profiles 5: show security policies - Technical Documentation -Support - Juniper Networks