Configuring More Than One Authentication Method (SRC CLI)

Tasks to configure more than one authentication method at the SRC CLI are:

  1. Configuring Authentication Order
  2. Configuring TACACS+ or RADIUS Authentication
  3. Configuring TACACS+ and RADIUS Authentication

Configuring Authentication Order

To configure the order in which to use authentication servers:

  1. From configuration mode, access the [system] hierarchy level.
  2. Specify the authentication order.
    [edit system]
    user@host# set authentication-order [(radius | tacplus | password)]

    Specify one or more of the following in the preferred order, from first authentication method tried to last tried:

    • radius—Verify the user using RADIUS authentication services.
    • tacplus—Verify the user using TACACS+ authentication services.
    • password—Verify the user using the password configured for the user with the authentication statement at the [edit system login user] hierarchy level.

If you do not include the authentication-order statement, users are verified based on their configured passwords.

Configuring TACACS+ or RADIUS Authentication

To configure the SRC software to try to authenticate users through TACACS+ and, if the TACACS+ server is unavailable, to use password authentication:

  • Specify the following authentication order:
    [edit]
    user@host# set system authentication-order [tacplus password]

    or

    [edit]
    user@host# set system authentication-order tacplus

To configure the SRC software to try to authenticate users through RADIUS and, if the RADIUS server is unavailable, to use password authentication:

  • Specify the following authentication order:
    [edit]
    user@host# set system authentication-order [radius password]

    or

    [edit]
    user@host# set system authentication-order radius

Configuring TACACS+ and RADIUS Authentication

To configure the SRC software to try to authenticate users through TACACS+and, if the TACACS+ server is unavailable, to use RADIUS authentication; and then, if the RADIUS server is unavailable, to use password authentication:

  • Specify the following authentication order:
    [edit]
    user@host# set system authentication-order [tacplus radius password]

    or

    [edit]
    user@host# set system authentication-order [tacplus radius]

To configure the SRC software to try to authenticate users through RADIUS and, if the RADIUS server is unavailable, to use TACACS+ authentication; and then, if the TACACS+ server is unavailable, to use password authentication:

  • Specify the following authentication order:
    [edit]
    user@host# set system authentication-order [radius tacplus password]

    or

    [edit]
    user@host# set system authentication-order [radius tacplus]

Copyright © 2008, Juniper Networks, Inc. All rights reservedTrademark Notice.