Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring More Than One Authentication Method (SRC CLI)

    Tasks to configure more than one authentication method at the SRC CLI are:

    1. Configuring Authentication Order
    2. Configuring TACACS+ or RADIUS Authentication
    3. Configuring TACACS+ and RADIUS Authentication

    Configuring Authentication Order

    To configure the order in which to use authentication servers:

    1. From configuration mode, access the [system] hierarchy level.
    2. Specify the authentication order.
      [edit system]user@host# set authentication-order [(radius | tacplus | password)]

      Specify one or more of the following in the preferred order, from first authentication method tried to last tried:

      • radius—Verify the user using RADIUS authentication services.
      • tacplus—Verify the user using TACACS+ authentication services.
      • password—Verify the user using the password configured for the user with the authentication statement at the [edit system login user] hierarchy level.

    If you do not include the authentication-order statement, users are verified based on their configured passwords.

    Note: The SRC software looks at the local password file even if the RADIUS server sends an Access-Reject.

    Configuring TACACS+ or RADIUS Authentication

    To configure the SRC software to try to authenticate users through TACACS+ and, if the TACACS+ server is unavailable, to use password authentication:

    • Specify the following authentication order:
      [edit]user@host# set system authentication-order [tacplus password]

      or

      [edit]user@host# set system authentication-order tacplus

    To configure the SRC software to try to authenticate users through RADIUS and, if the RADIUS server is unavailable, to use password authentication:

    • Specify the following authentication order:
      [edit]user@host# set system authentication-order [radius password]

      or

      [edit]user@host# set system authentication-order radius

    Configuring TACACS+ and RADIUS Authentication

    To configure the SRC software to try to authenticate users through TACACS+, and if the TACACS+ server is unavailable, to use RADIUS authentication; and then, if the RADIUS server is unavailable, to use password authentication:

    • Specify the following authentication order:
      [edit]user@host# set system authentication-order [tacplus radius password]

      or

      [edit]user@host# set system authentication-order [tacplus radius]

    To configure the SRC software to try to authenticate users through RADIUS and, if the RADIUS server is unavailable, to use TACACS+ authentication; and then, if the TACACS+ server is unavailable, to use password authentication:

    • Specify the following authentication order:
      [edit]user@host# set system authentication-order [radius tacplus password]

      or

      [edit]user@host# set system authentication-order [radius tacplus]

    Published: 2014-12-10