Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Mapping OpenConfig AAA Commands to Junos Operation

 Note

See OpenConfig Data Model Version topic to understand the data models supported version and its Junos OS release for Juniper Networks ACX Series, EX Series, MX Series, PTX Series, and QFX Series.

The following tables show the mapping of OpenConfig AAA commands with the relevant configuration in Junos OS.

Table 1: Global AAA Configuration

Command Name

OpenConfig Command Path

Junos Configuration

Command path prefix:

/system/aaa

Config-Name

/server-groups/server-group/config/name

Not supported

Note: There is no equivalent configuration in the Junos OS for this path. The configured server group name is used in the RADIUS/TACACS attributes configuration.

Server-Config-Address

/server-groups/server-group/servers/server/config/address

Not supported

Note: There is no equivalent configuration in the Junos OS for this path. The configured server address is used in the RADIUS/TACACS attributes configuration.

Server-Config-Name

/server-groups/server-group/servers/server/config/name

Not supported

Note: There is no equivalent configuration in the Junos OS for this path. You can configure a server name to identify the server.

Config-Timeout

/server-groups/server-group/servers/server/config/timeout

Not supported

Note: There is no equivalent configuration in the Junos OS for this path. However, the timeout configured is derived from the timeout parameter at the Junos OS edit radius-server or edit tacplus-server hierarchy level.

Table 2: RADIUS Server Configuration

Command Name

OpenConfig Command Path

Junos Configuration

Command path prefix:

/system/aaa

Auth-Port

/server-groups/server-group/servers/server/radius/config/auth-port

set system radius-server address port port

Note: The address value is derived from the value configured after server. The port value is the same value as auth-port.

Retransmit-Attempts

/server-groups/server-group/servers/server/radius/config/retransmit-attempts

set system radius-server address retryretry

Note: The address value is derived from the value configured after server. The retry value is the same value as that specified for retransmit-attempts.

Secret-Key

/server-groups/server-group/servers/server/radius/config/secret-key

set system radius-server address secret secret

Note: The address value is derived from the value configured after server. The secret value is the same value as that specified for secret-key.

Source-Address

/server-groups/server-group/servers/server/radius/config/source-address

set system radius-server address source-address source-address

Note: The address value is derived from the value configured after server. The source-address value is the same value as that specified for source-address.

Table 3: TACACS Server Configuration

Command Name

OpenConfig Command Path

Junos Configuration

Command path prefix:

/system/aaa

Config-Port

/server-groups/server-group/servers/server/tacacs/config/port

set system tacplus-server address port port

Note: The address value is derived from the value configured after server. The port value is the same value as that specified for port.

Secret-Key

/server-groups/server-group/servers/server/tacacs/config/secret-key

set system tacplus-server address secret secret

Note: The address value is derived from the value configured after server. The secret value is the same value as that specified for secret-key.

Source-Address

/server-groups/server-group/servers/server/tacacs/config/source-address

set system tacplus-server address source-address source-address

Note: The address value is derived from the value configured after server. The source-address value is the same value as that specified for source-address.

Table 4: AAA Admin and User Configuration

Command Name

OpenConfig Command Path

Junos Configuration

Command path prefix:

/system/aaa

Admin-Password

/authentication/admin-user/config/admin-password

set system root-authentication plain-text-password

Note: The plain-text-password-authentication value is derived from the value configured for admin-password.

Admin-Password-Hashed

/authentication/admin-user/config/admin-password-hashed

set system root-authentication encrypted-password encrypted-password

Note: The encrypted-password value is derived from the value configured for admin-password-hashed.

Authentication-Method

/authentication/config/authentication-method

set system authentication-order

Note: The authentication-order value is derived from the value configured for authentication-method.

Password

/authentication/users/user/config/password

set system login user user-name authentication plain-text-password plain-text-password

Note: The user-name value is derived from the value configured for user. The plain-text-password value is derived from the value configured for password.

Password-Hashed

/authentication/users/user/config/password-hashed

set system login user user-name authentication encrypted-password encrypted-password

Note: The user-name value is derived from the value configured for user. The encrypted-password value is derived from the value configured for password-hashed.

Role

/authentication/users/user/config/role

set system login user user-name class class

Note: The user-name value is derived from the value configured for user. The class value is derived from the value configured for role.

Username

/authentication/users/user/config/username

Not supported

Note: There is no equivalent configuration in the Junos OS.