User Accounts and Authentication
Create user accounts and configure authentication on the ACX7000 family of routers using the Junos OS Evolved CLI. The ACX7000 family of routers includes ACX7020, ACX7024, ACX7024X, ACX7100, ACX7332, ACX7348, and ACX7509 routers.
After you have configured the hostname, timezone, and identity of your ACX7000 router in the network, you can create user accounts and authentication methods.
A user account is an identity created on the router that gives someone access to the router. It includes a username, a password (or authentication method), and a login class (permission level). For more information, see User Accounts.
Authentication is the process of verifying the user's identity before granting access. For more information, see User Authentication Overview.
The ACX7000 family of routers includes predefined login classes such as operator, read-only, superuser, and unauthorized. For more information, see Login Classes.
Local User Account
A local user account is the simplest authentication method: the username and password are stored on the router. You can create a user and define the associated permissions and system access using a login class. For more information, see User Accounts and Login Classes.
Create an Admin User
[edit]
root@re0# set system login user admin class super-user
root@re0# set system login user admin authentication plain-text-password
RADIUS Authentication
This type of authentication uses a centralized server to authenticate users who attempt to access a network device. This is a commonly used authentication method in telecom networks. For more information, see RADIUS Authentication.
Configure a RADIUS server:
[edit]
root@re0# set system radius-server server-address secret password
root@re0# set system radius-server server-address source-address ip-address
Configure the authentication order:
[edit]
root@re0# set system authentication-order [radius password]
This configuration tries the RADIUS authentication method first and, if that method fails, applies the local user authentication method.
TACACS+ Authentication
This type of authentication is an alternate method of authenticating users who attempt to access a network device. This method provides authentication and command authorization and is often used in enterprise networks. For more information, see TACACS+ Authentication.
Configure the TACACS+ server:
[edit]
root@re0# set system tacplus-server server-address
root@re0# set system tacplus-server server-address secret password
root@re0# set system tacplus-server server-address source-address source-address
Configure the authentication order:
[edit]
root@re0# set system authentication-order [tacplus radius password]
This configuration tries TACACS+ authentication first and, if that method fails, applies RADIUS server authentication and finally local user authentication.
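The following added example (not part of the original Juniper documentation) cross-checks the authentication order against the RADIUS and TACACS+ server statements shown above, so that a method listed in the order with no usable server behind it is caught before someone is locked out. It assumes the input is set-format text such as the output of show configuration | display set; the function name audit_auth is hypothetical, and the addresses and secret in the sample are constructed.

```python
import shlex

# authentication-order keyword -> statement that defines that method's servers
SERVER_STMT = {"radius": "radius-server", "tacplus": "tacplus-server"}

def audit_auth(config_text):
    """Return (order, findings) for set-format configuration text."""
    order, servers = [], {}
    for line in config_text.splitlines():
        # Brackets only group list values, so treat them as whitespace.
        tok = shlex.split(line.replace("[", " ").replace("]", " "))
        if tok[:2] != ["set", "system"]:
            continue
        tok = tok[2:]
        if tok[:1] == ["authentication-order"]:
            order += tok[1:]  # bracketed list, or one method per line
        elif tok and tok[0] in SERVER_STMT.values() and len(tok) >= 2:
            opts = servers.setdefault((tok[0], tok[1]), set())
            opts.update(tok[2:3])  # option name: secret, source-address, ...
    findings = []
    for method, stmt in SERVER_STMT.items():
        defined = [s for s in servers if s[0] == stmt]
        if method in order and not defined:
            findings.append(f"{method} is in authentication-order but no {stmt} is configured")
        for s in defined:
            if "secret" not in servers[s]:
                findings.append(f"{stmt} {s[1]} has no secret")
            if method not in order:
                findings.append(f"{stmt} {s[1]} is configured but {method} is not in authentication-order")
    return order, findings

# Constructed sample: documentation addresses and a placeholder secret.
SAMPLE = '''
set system authentication-order [tacplus radius password]
set system radius-server 192.0.2.10 secret "$9$constructed"
set system radius-server 192.0.2.10 source-address 192.0.2.1
set system radius-server 192.0.2.11 source-address 192.0.2.1
set system login user admin class super-user
'''

if __name__ == "__main__":
    order, findings = audit_auth(SAMPLE)
    print("order:", " -> ".join(order))
    for f in findings:
        print("finding:", f)
```

The parser accepts both the bracketed list form typed at the CLI and the one-method-per-line form.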