Supported System Access and Access Management Standards

To validate users who attempt to access a routing platform, the JUNOS software supports RADIUS authentication, TACACS+ authentication, and authentication by means of JUNOS user accounts configured on the routing platform. The JUNOS software supports the configuration of Juniper Networks-specific RADIUS and TACACS+ attributes, and the creation of template accounts.

The JUNOS software substantially supports the following RADIUS and TACACS+ standards:

• RFC 1492, An Access Control Protocol, Sometimes Called TACACS
• RFC 2865, Remote Authentication Dial In User Service (RADIUS)
• RFC 2866, RADIUS Accounting
• RFC 2869, RADIUS Extensions
• RFC 3576, Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS)

All users who can log in to the routing platform must already be assigned to a JUNOS login class. A login class defines its members’ access privileges during a login session, the commands they can and cannot issue, the configuration statements they can and cannot view or change, and the idle time before a member’s login session is terminated.

The JUNOS software substantially supports the following access protocols and applications: telnet, FTP, rlogin, and finger. In addition, the Canada and U.S. version of the JUNOS software substantially supports SSH as an access protocol.

The JUNOS software substantially supports RFC 1994, PPP Challenge Handshake Authentication Protocol (CHAP).

The Canada and U.S. version of the JUNOS software substantially supports the following standards related to Secure Sockets Layer (SSL):

• RFC 1319, The MD2 Message-Digest Algorithm
• RFC 1321, The MD5 Message-Digest Algorithm
• RFC 2246, The TLS Protocol Version 1.0
• RFC 3280, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.