Supported RADIUS and TACACS+ Standards for User Authentication

For validation of the identity of users who attempt to access a router, the Junos OS supports RADIUS authentication, TACACS+ authentication, and authentication by means of Junos user accounts configured on the router. The Junos OS supports the configuration of Juniper Networks-specific RADIUS and TACACS+ attributes, and the creation of template accounts.

All users who can log in to the router must already be assigned to a Junos login class. A login class defines its members’ access privileges during a login session, the commands they can and cannot issue, the configuration statements they can and cannot view or change, and the idle time before a member’s login session is terminated.

The Junos OS substantially supports the following RFCs, which define standards for RADIUS and TACACS+.

• RFC 1492, An Access Control Protocol, Sometimes Called TACACS
• RFC 2865, Remote Authentication Dial In User Service (RADIUS)
• RFC 3162, RADIUS and IPv6
• RFC 4818, RADIUS Delegated-IPv6-Prefix Attribute

The following Internet drafts do not define standards, but provide information about RADIUS. The IETF classifies them as “Informational.”

• RFC 2866, RADIUS Accounting
• RFC 2869, RADIUS Extensions
• RFC 3576, Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS)

Related Topics

• Supported System Access Standards
• Accessing Standards Documents on the Internet