
Configuring TACACS+ Authentication

To use TACACS+ authentication on the router, configure information about one or more TACACS+ servers on the network by including the tacplus-server statement at the [edit system] hierarchy level. For example:

[edit system]
tacplus-server 192.168.66.4 {
    port 4099;
    secret "$1$7fjhKJdlvnre9rnfJLdNeski"; # SECRET-DATA
    single-connection;
    timeout 3;
}

The port statement sets the TCP port on which the TACACS+ server listens. TACACS+ runs over TCP and uses port 49 by default, so include the port statement only when the server has been configured to listen on a different port, as in the example above (port 4099).

You must specify a shared secret (password) by including the secret statement. The router uses the secret to obfuscate the body of every TACACS+ packet it exchanges with the server; the secret itself is never sent on the wire, so the value configured on the router must match exactly the value the server has configured for that router, or neither side can decode the other's packets. Secrets can contain spaces. Because TACACS+ obfuscation is an MD5-based XOR rather than strong encryption, traffic between the router and the server should travel over a trusted management network. In the example above the secret appears in the encrypted form that the CLI displays in the configuration; you type the plain-text value when you enter the statement.

You can optionally specify how long the router waits for a response from a TACACS+ server by including the timeout statement. By default, the router waits 3 seconds; you can configure a value in the range 1 through 90 seconds. The timeout applies per server, so with several servers configured a long timeout multiplies the login delay when the servers are unreachable.

You can optionally have the software keep one Transmission Control Protocol (TCP) connection to the server open and reuse it for multiple requests, rather than opening and closing a connection for each request, by including the single-connection statement.

Note: Some older TACACS+ server implementations do not support the single-connection option. If you specify this option and the server does not support it, the JUNOS software cannot communicate with that TACACS+ server.
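The secret and single-connection statements above both map directly onto the TACACS+ packet format, so it helps to see what they protect and where they appear on the wire. The following is an added example written for this page, not JUNOS code or part of the original documentation: it implements the TACACS+ header and the MD5-based body obfuscation from RFC 8907 in Python, builds a constructed authentication START packet, and shows that a receiver with a mismatched secret recovers garbage while the single-connection request is just a flag bit in the clear-text header. The secret, session ID, user name and port values are constructed for illustration.

```python
"""TACACS+ (RFC 8907) header layout and body obfuscation, as an added example.

Illustrates two things from the tacplus-server statement:
  * `secret`: the shared key that seeds the MD5 pseudo-pad XORed over the body.
    Both sides must hold the same value; it is never transmitted.
  * `single-connection`: a flag bit in the (unobfuscated) 12-byte header.
"""
import hashlib
import struct

# Header constants from RFC 8907 section 4.1.
TAC_PLUS_MAJOR_VER = 0xC
TAC_PLUS_MINOR_VER_DEFAULT = 0x0
TAC_PLUS_AUTHEN = 0x01                # packet type: authentication
TAC_PLUS_UNENCRYPTED_FLAG = 0x01      # body is sent in the clear (never use this)
TAC_PLUS_SINGLE_CONNECT_FLAG = 0x04   # client asks to multiplex sessions on one TCP connection

# version, type, seq_no, flags, session_id, length  (12 bytes, network byte order)
HEADER = struct.Struct("!BBBBII")


def pseudo_pad(session_id: int, secret: bytes, version: int, seq_no: int, length: int) -> bytes:
    """Keystream that TACACS+ XORs over the packet body (RFC 8907 section 4.5).

    MD5_1 = MD5(session_id || secret || version || seq_no)
    MD5_n = MD5(session_id || secret || version || seq_no || MD5_{n-1})
    The concatenated digests are truncated to the body length.
    """
    head = struct.pack("!I", session_id) + secret + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(head + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body: bytes, session_id: int, secret: bytes, version: int, seq_no: int) -> bytes:
    """XOR the body with the pseudo-pad. Applying it twice restores the body."""
    pad = pseudo_pad(session_id, secret, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def authen_start_body(user: bytes, port: bytes, rem_addr: bytes, data: bytes = b"") -> bytes:
    """Authentication START body (RFC 8907 section 5.1): ASCII login, priv level 1."""
    action, priv_lvl, authen_type, service = 0x01, 0x01, 0x01, 0x01
    fixed = bytes([action, priv_lvl, authen_type, service,
                   len(user), len(port), len(rem_addr), len(data)])
    return fixed + user + port + rem_addr + data


def build_packet(body: bytes, secret: bytes, session_id: int,
                 seq_no: int = 1, single_connection: bool = False) -> bytes:
    """Assemble header plus obfuscated body, as the router (client) would send it."""
    version = (TAC_PLUS_MAJOR_VER << 4) | TAC_PLUS_MINOR_VER_DEFAULT
    flags = TAC_PLUS_SINGLE_CONNECT_FLAG if single_connection else 0
    header = HEADER.pack(version, TAC_PLUS_AUTHEN, seq_no, flags, session_id, len(body))
    return header + obfuscate(body, session_id, secret, version, seq_no)


def parse_packet(packet: bytes, secret: bytes) -> dict:
    """Decode a packet the way the server would, using its own copy of the secret."""
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack(packet[:HEADER.size])
    body = packet[HEADER.size:HEADER.size + length]
    if not flags & TAC_PLUS_UNENCRYPTED_FLAG:
        body = obfuscate(body, session_id, secret, version, seq_no)
    return {
        "version": version,
        "type": ptype,
        "seq_no": seq_no,
        "single_connection": bool(flags & TAC_PLUS_SINGLE_CONNECT_FLAG),
        "session_id": session_id,
        "body": body,
    }


def demo() -> tuple:
    """Return (decoded_ok_with_right_secret, decoded_ok_with_wrong_secret, single_conn_flag)."""
    secret = b"correct horse battery"   # constructed shared secret; never goes on the wire
    session_id = 0x1F2E3D4C             # constructed; real clients choose this randomly
    body = authen_start_body(b"admin", b"tty0", b"192.0.2.10")
    pkt = build_packet(body, secret, session_id, single_connection=True)
    right = parse_packet(pkt, secret)
    wrong = parse_packet(pkt, b"some other secret")   # server with a mismatched secret
    return right["body"] == body, wrong["body"] == body, right["single_connection"]


if __name__ == "__main__":
    print(demo())   # (True, False, True)
```

Two points worth noticing: the header, including the single-connection flag, is readable by anyone on the path, and the body "encryption" is a keystream derived from MD5 of the secret and a few public header fields. A mismatched secret does not cause a clean error at the protocol layer; the receiver simply sees an undecodable body, which is why a wrong secret on either side looks like the server "not responding" from the router's point of view.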

To configure multiple TACACS+ servers, include multiple tacplus-server statements. The router contacts the servers in the order in which they are configured and moves on to the next server only when the previous one fails to respond within its timeout. Configuring servers by itself does not make the router use them for login: tacplus must also appear in the authentication-order statement at the [edit system] hierarchy level (for example, authentication-order [ tacplus password ]). Keeping password in that list lets local accounts serve as a fallback if every TACACS+ server is unreachable, which avoids locking yourself out of the router.

For more information about TACACS+, see the JUNOS System Basics Configuration Guide or the J-series Services Router Administration Guide.
