Technical Documentation

Technical Documentation

Content Explorer ^New

Enterprise MIBs

EOL Documentation

Feature Explorer

File Format Help

Portable Libraries

TACACS+ Server on E Series Broadband Services Routers, Release 13.2

TACACS+ is a security protocol that provides centralized validation of users who are attempting to gain access to a router, and provides separate authentication, authorization, and accounting (AAA) services. This page provides information that describes how you can configure TACACS+ servers to authenticate and manage subscribers logging in to E Series routers.

JunosE Software Documentation for E Series Broadband Services Routers, Release 13.2

Overview
Configuration
Administration
Troubleshooting

How TACACS+ Works

Understanding TACACS+

TACACS+ References

TACACS+ Platform Considerations

Interoperation with Packet Mirroring
Using TACACS+ and Vty Access Lists to Secure Packet Mirroring

Configuring TACACS+ Server, Authentication, and Accounting
Configuring TACACS+

Configuration Commands

aaa accounting commands

aaa accounting exec

aaa authentication enable default

aaa authentication login

login authentication

tacacs-server host

tacacs-server key

tacacs-server retransmit-retries

tacacs-server source-address

tacacs-server timeout

Verifying TACACS+ Statistics

Setting Baseline TACACS+ Statistics

Monitoring TACACS+ Statistics

Viewing TACACS+ Server Settings
Monitoring TACACS+ Information

Monitoring Commands

baseline tacacs

show statistics tacacs

Knowledge Base

TACACS server source address is missing

Sample TACACS+ server and ERX client configurations

TACACS accounting creates ghost subscribers on the ERX

TACACS restrictions can be avoided by using an .scr file

Memory leak in AAA when VTY line authenticated via TACACS.

Able to configure TACACS+ in login authentication list multiple times

The ERX will not respond to new password from a TACACS+ server

Unable to specify the TACACS+ source address used for TACACS+ server communications

'show tacacs' displays global key when configured for per-server key

The 'configure' CLI command incorrectly requires Level 15 authorization within TACACS+

“show tacacs statistics" output is misleading with regard to authorization & accounting packets

ERX does not send out any new TACACS Acct Requests when Acct Pending records reaches 100

Login problems when using TACACS+ where the ERX does not put the user into 'enable mode'.

SRC: When there is no TACACS+ server reachable on SRC, no user is able to login.

The customer is seeing a problem with the ERX and the TACACS+ server when the user's password contains a ? mark.

SRP Reset: reset type: exception 0x68616c74 (halt) in task: ip_Ctrl_41 when running a configuration macro with TACACS command accounting enabled.

TACACS+ server config problem where a simple expression is needed to permit ping/traceroute to any hostname and address, but not allow pings to a vrf.

'aaa authorization' command missing 'if-authenticated' option.

When performing a SNMP poll of the juniTacacsPlusClientKey or juniTacacsPlusClientHostKey MIB, a zero-length value is returned even though a server key is configured.

Command authorization should send everything up to, but not including, CLI output filtering and redirection

The ERX can accept and respond to TCP datagrams destined to the directed broadcast address of a locally connected subnet

Downloads

Site Map / RSS Feeds / Careers / Accessibility / Feedback / Privacy & Policy / Legal Notices

Copyright© 1999-2012 Juniper Networks, Inc. All rights reserved.

|

|