Configure tacacs to Juniper MX-80



  • Dears, I have this config for Cisco Router:

    ip tacacs source-interface vlan316     
    tacacs-server host 192.0.0.7             
    tacacs-server key XKkaksjaksjkajskajsla
    aaa new-model           
    aaa authentication login default group tacacs+ local-case     
    aaa authorization config-commands         
    aaa authorization exec default group tacacs+ local     
    aaa authorization commands 1 default group tacacs+ if-authenticated     
    aaa authorization commands 15 default group tacacs+ if-authenticated no ip unreachables 
    aaa authorization commands 7 default group tacacs+ if-authenticated   
    aaa accounting commands 1 default start-stop group tacacs+     
    aaa accounting commands 7 default start-stop group tacacs+     
    aaa accounting commands 15 default start-stop group tacacs+

    I need to do the same for my Juniper, but I don't know how!

    Thanks for your help!



  • You need to create the remote account; everything else looks OK.

    set system login user remote full-name "Remote Access Account"
    set system login user remote uid 2001
    set system login user remote class super-user
    set system login user remote authentication encrypted-password



  • @silvio:

    Dears, I have this config for Cisco Router:

    ip tacacs source-interface vlan316     
    tacacs-server host 192.0.0.7             
    tacacs-server key XKkaksjaksjkajskajsla
    aaa new-model           
    aaa authentication login default group tacacs+ local-case     
    aaa authorization config-commands         
    aaa authorization exec default group tacacs+ local     
    aaa authorization commands 1 default group tacacs+ if-authenticated     
    aaa authorization commands 15 default group tacacs+ if-authenticated no ip unreachables 
    aaa authorization commands 7 default group tacacs+ if-authenticated   
    aaa accounting commands 1 default start-stop group tacacs+     
    aaa accounting commands 7 default start-stop group tacacs+     
    aaa accounting commands 15 default start-stop group tacacs+

    I need to do the same for my Juniper, but I don't know how!

    Thanks for your help!

    I have never been able to do command authorization successfully with tacacs.  The config is pretty simple though:

    set system authentication-order tacplus
    set system authentication-order password (falls back to local, if the ACS Server doesn’t work)
    set system tacplus-server x.x.x.x port 49 (49 is standard)
    set system tacplus-server x.x.x.x secret "your TAC Secret Key"
    set system tacplus-server x.x.x.x timeout 3 (how many times to try before resorting to local password)
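
An added example, not part of any post in this thread: a Junos `set` rendering of the Cisco AAA block from the question, with each group annotated by the Cisco lines it stands in for. The source address 192.0.2.1, the `<shared-secret>` placeholder and the names `tac-readonly`, `tac-admin` and `localadmin` are assumptions; lines starting with `#` are annotations.

```junos
# Added example. Only 192.0.0.7 comes from the thread; every other
# address, secret and name below is a placeholder.

# tacacs-server host / tacacs-server key
set system tacplus-server 192.0.0.7 port 49
set system tacplus-server 192.0.0.7 secret "<shared-secret>"
# timeout is the number of seconds to wait for the server to answer
set system tacplus-server 192.0.0.7 timeout 3

# ip tacacs source-interface vlan316
# Junos pins the source by address, not by interface name. Use the
# address configured on the interface the server expects (placeholder).
set system tacplus-server 192.0.0.7 source-address 192.0.2.1

# aaa authentication login default group tacacs+ local-case
# With only tacplus in the order, local passwords are tried only when
# no TACACS+ server responds. Listing "password" as well also lets a
# local password succeed after the server has rejected the login.
set system authentication-order tacplus

# aaa authorization exec / aaa authorization commands 1, 7, 15
# Junos authorizes from the login class of the template user a session
# maps to, not by querying the server for each command. A session maps
# to "remote" unless the server returns the Juniper local-user-name
# attribute naming another template (here the hypothetical tac-admin).
# Template users carry no authentication statement of their own.
set system login class tac-readonly permissions [ view view-configuration ]
set system login user remote full-name "TACACS+ default template"
set system login user remote class tac-readonly
set system login user tac-admin full-name "TACACS+ admin template"
set system login user tac-admin class super-user

# Local account for the fallback case (hypothetical name). The command
# prompts for the password interactively.
set system login user localadmin class super-user
set system login user localadmin authentication plain-text-password

# aaa accounting commands 1, 7, 15 default start-stop group tacacs+
# With no server listed under the destination, accounting records go
# to the servers configured under "system tacplus-server".
set system accounting events [ login change-log interactive-commands ]
set system accounting destination tacplus
```

Mapping `remote` to a read-only class means a TACACS+ user for whom the server returns no `local-user-name` gets view access only, instead of inheriting super-user by default.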



  • Can you please try with radius in place of tacacs?


 
