Supported RADIUS and TACACS+ Standards for User Authentication

For validation of the identity of users who attempt to access a router, the JUNOS Software supports RADIUS authentication, TACACS+ authentication, and authentication by means of JUNOS user accounts configured on the router. The JUNOS Software supports the configuration of Juniper Networks-specific RADIUS and TACACS+ attributes, and the creation of template accounts.

All users who can log in to the router must already be assigned to a JUNOS login class. A login class defines its members’ access privileges during a login session, the commands they can and cannot issue, the configuration statements they can and cannot view or change, and the idle time before a member’s login session is terminated.

The JUNOS Software substantially supports the following RADIUS and TACACS+ standards.

Standards Track RFCs

• RFC 1492, An Access Control Protocol, Sometimes Called TACACS
• RFC 2865, Remote Authentication Dial In User Service (RADIUS)
• RFC 3162, RADIUS and IPv6
• RFC 4818, RADIUS Delegated-IPv6-Prefix Attribute

Informational RFCs

• RFC 2866, RADIUS Accounting
• RFC 2869, RADIUS Extensions
• RFC 3576, Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS)

Related Topics

• Supported System Access Standards
• Accessing Standards Documents on the Internet