Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Supported RADIUS and TACACS+ Standards for User Authentication

For validation of the identity of users who attempt to access a router, Junos OS supports RADIUS authentication, TACACS+ authentication, and authentication by means of Junos OS user accounts configured on the router. Junos OS supports the configuration of Juniper Networks-specific RADIUS and TACACS+ attributes, and the creation of template accounts.

All users who can log in to the router must already be assigned to a Junos OS login class. A login class defines its members’ access privileges during a login session, the commands they can and cannot issue, the configuration statements they can and cannot view or change, and the idle time before a member’s login session is terminated.

Junos OS substantially supports the following RFCs, which define standards for RADIUS and TACACS+.

  • RFC 1492, An Access Control Protocol, Sometimes Called TACACS

  • RFC 2865, Remote Authentication Dial In User Service (RADIUS)

  • RFC 3162, RADIUS and IPv6

  • RFC 4818, RADIUS Delegated-IPv6-Prefix Attribute

The following Internet drafts do not define standards, but provide information about RADIUS. The IETF classifies them as “Informational.”

  • RFC 2866, RADIUS Accounting

  • RFC 2868, RADIUS Attributes for Tunnel Protocol Support

  • RFC 2869, RADIUS Extensions

  • RFC 4679, DSL Forum Vendor-Specific RADIUS Attributes

  • RFC 5176, Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS)