Configuring More Than One Authentication Method (SRC CLI)

Tasks to configure more than one authentication method at the SRC CLI are:

1. Configuring Authentication Order
2. Configuring TACACS+ or RADIUS Authentication
3. Configuring TACACS+ and RADIUS Authentication

Configuring Authentication Order

To configure the order in which to use authentication servers:

1. From configuration mode, access the [system] hierarchy level.
2. Specify the authentication order.

   [edit system]

   user@host# set authentication-order [(radius | tacplus | password)]

   Specify one or more of the following in the preferred order, from first authentication method tried to last tried:

   • radius—Verify the user using RADIUS authentication services.
   • tacplus—Verify the user using TACACS+ authentication services.
   • password—Verify the user using the password configured for the user with the authentication statement at the [edit system login user] hierarchy level.

If you do not include the authentication-order statement, users are verified based on their configured passwords.

Configuring TACACS+ or RADIUS Authentication

To configure the SRC software to try to authenticate users through TACACS+ and, if the TACACS+ server is unavailable, to use password authentication:

• Specify the following authentication order:

  [edit]

  user@host# set system authentication-order [tacplus password]

  or

  [edit]

  user@host# set system authentication-order tacplus

To configure the SRC software to try to authenticate users through RADIUS and, if the RADIUS server is unavailable, to use password authentication:

• Specify the following authentication order:

  [edit]

  user@host# set system authentication-order [radius password]

  or

  [edit]

  user@host# set system authentication-order radius

Configuring TACACS+ and RADIUS Authentication

To configure the SRC software to try to authenticate users through TACACS+, and if the TACACS+ server is unavailable, to use RADIUS authentication; and then, if the RADIUS server is unavailable, to use password authentication:

• Specify the following authentication order:

  [edit]

  user@host# set system authentication-order [tacplus radius password]

  or

  [edit]

  user@host# set system authentication-order [tacplus radius]

To configure the SRC software to try to authenticate users through RADIUS and, if the RADIUS server is unavailable, to use TACACS+ authentication; and then, if the TACACS+ server is unavailable, to use password authentication:

• Specify the following authentication order:

  [edit]

  user@host# set system authentication-order [radius tacplus password]

  or

  [edit]

  user@host# set system authentication-order [radius tacplus]

Related Topics

• Types of Authentication for SRC User Accounts
• Removing an SRC Authentication Method from the Authentication Order
• A C Series Controller as a RADIUS Client and TACACS+ Client
• Configuring RADIUS Authentication (SRC CLI)
• Example: Configuring SRC Authentication

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.