[Contents] [Prev] [Next] [Index] [Report an Error]

Restricting Access to Virtual Routers

You can use RADIUS authentication to specify whether users can access all virtual routers (VRs), one specific VR, or a set of specific VRs.

Note: This classification is independent of the command access levels configurable through the Initial-CLI-Access-Level VSA.

The VSA Allow-All-VR-Access controls access; the VSA Virtual-Router controls the VR to which the user logs in, and the VSA Alt-CLI-Virtual-Router-Name specifies which VRs other than the VR specified by the VSA virtual-router are accessible to restricted users. See Table 55.

Table 55: Juniper Networks–Specific Virtual Router Access VSA Descriptions

VSA

Description

Type

Length

Subtype

Subtype Length

Value

Allow-All-VR-Access

Specifies user access to all virtual routers.

26

len

19

sublen

Integer:
0 – disable,
1 – enable

Virtual-Router

Specifies the VR to which the user logs in or the only VR to which a user has access. The default setting is the default VR.

26

len

1

sublen

String: virtual-router -name

Alt-CLI-Virtual-Router-
Name

Specifies a VR, other than the VR specified by the Virtual-Router VSA, to which the user has access. You can define this VSA multiple times to define a set of VRs to which a user has access.

26

len

21

sublen

String: virtual-router -name

[Contents] [Prev] [Next] [Index] [Report an Error]

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.