Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    TACACS+ Server on E Series Broadband Services Routers, Release 15.1

    TACACS+ is a security protocol that provides centralized validation of users who are attempting to gain access to a router, and provides separate authentication, authorization, and accounting (AAA) services. This page provides information that describes how you can configure TACACS+ servers to authenticate and manage subscribers logging in to E Series routers.


    JunosE Software Documentation for E Series Broadband Services Routers, Release 15.1

    Knowledge Base

    TACACS server source address is missing

    Sample TACACS+ server and ERX client configurations

    TACACS accounting creates ghost subscribers on the ERX

    TACACS restrictions can be avoided by using an .scr file

    Memory leak in AAA when VTY line authenticated via TACACS.

    Able to configure TACACS+ in login authentication list multiple times

    The ERX will not respond to new password from a TACACS+ server

    Unable to specify the TACACS+ source address used for TACACS+ server communications

    'show tacacs' displays global key when configured for per-server key

    The 'configure' CLI command incorrectly requires Level 15 authorization within TACACS+

    “show tacacs statistics" output is misleading with regard to authorization & accounting packets

    ERX does not send out any new TACACS Acct Requests when Acct Pending records reaches 100

    Login problems when using TACACS+ where the ERX does not put the user into 'enable mode'.

    SRC: When there is no TACACS+ server reachable on SRC, no user is able to login.

    The customer is seeing a problem with the ERX and the TACACS+ server when the user's password contains a ? mark.

    SRP Reset: reset type: exception 0x68616c74 (halt) in task: ip_Ctrl_41 when running a configuration macro with TACACS command accounting enabled.

    TACACS+ server config problem where a simple expression is needed to permit ping/traceroute to any hostname and address, but not allow pings to a vrf.

    'aaa authorization' command missing 'if-authenticated' option.

    When performing a SNMP poll of the juniTacacsPlusClientKey or juniTacacsPlusClientHostKey MIB, a zero-length value is returned even though a server key is configured.

    Command authorization should send everything up to, but not including, CLI output filtering and redirection

    The ERX can accept and respond to TCP datagrams destined to the directed broadcast address of a locally connected subnet