 |
Note: Early versions of the TACACS+ server do not support the single-connection option. If you specify this option and the server does not support it, the JUNOS software will be unable to communicate with that TACACS+ server. |
To use TACACS+ authentication on the router, configure information about one or more TACACS+ servers on the network by including the tacplus-server statement at the [edit system] hierarchy level:
- [edit system]
-
tacplus-server server-address {
-
port port-number;
-
secret password;
-
single-connection;
-
timeout seconds;
- }
server-address is the address of the TACACS+ server.
port-number is the TACACS+ server port number.
You must specify a secret (password) that the local router passes to the TACACS+ client by including the secret statement. If the password included spaces, enclose the password in quotation marks. The secret used by the local router must match that used by the server.
Optionally, you can specify the length of time that the local router waits to receive a response from a TACACS+ server by including the timeout statement. By default, the router waits 3 seconds. You can configure this to be a value in the range from 1 through 90 seconds.
Optionally, you can have the software maintain one open Transmission Control Protocol (TCP) connection to the server for multiple requests, rather than opening a connection for each connection attempt by including the single-connection statement.
|
Note: Early versions of the TACACS+ server do not support the single-connection option. If you specify this option and the server does not support it, the JUNOS software will be unable to communicate with that TACACS+ server. |
To configure multiple TACACS+ servers, include multiple tacplus-server statements.
On a TX Matrix platform, TACACS+ accounting should be configured only under the groups re0 and re1.
|
Note: Accounting should not be configured at the [edit system] hierarchy level; on a TX Matrix platform, control is done under the switch-card chassis only. |
To configure a set of users that share a single account for authorization purposes, you create a template user. To do this, include the user statement at the [edit system login] hierarchy level, as described in Configuring Template Accounts for RADIUS and TACACS+ Authentication.
 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |