Before You Configure Tacacs; Configuring Tacacs+ Support; Configuring Authentication - Juniper JUNOSE SOFTWARE 11.0.X - BROADBAND ACCESS CONFIGURATION GUIDE 4-1-2010 Configuration Manual

JUNOSe 11.0.x Broadband Access Configuration Guide

Before You Configure TACACS+

Before you begin to configure TACACS+, you must determine the following for the
TACACS+ authentication and accounting servers:

Configuring TACACS+ Support

To use TACACS+, you must enable AAA. To configure your router to support
TACACS+, perform the following tasks. Some of the tasks are optional. Once you
configure TACACS+ support on the router, you can configure TACACS+
authentication, authorization, and accounting independent of each other.
1.
2.
3.
4.

Configuring Authentication

Once TACACS+ support is enabled on the router, you can configure TACACS+
authentication. Perform the following steps:
1.
2.
316
Before You Configure TACACS+
IP addresses
TCP port numbers
Secret keys
Specify the names of the IP host or hosts maintaining a TACACS+ server.
Optionally, you can specify other parameters, such as port number, timeout
interval, and key.
host1(config)#tacacs-server host 192.168.1.27 port 10 timeout 3 key
your_secret primary
(Optional) Set the authentication and encryption key value shared by all TACACS+
servers that do not have a server-specific key set up by the tacacs-server host
command.
host1(config)#tacacs-server key " &#889P^"
(Optional) Set alternative source address(es) to be used for TACACS+ server
communications.
host1(config)#tacacs-server source-address 192.168.134.63
(Optional) Set the timeout value for all TACACS+ servers that do not have a
server-specific timeout set up by the tacacs-server host command.
host1(config)#tacacs-server timeout 15
Specify AAA new model as the authentication method for the vty lines on your
router.
host1(config)#aaa new-model
Specify AAA authentication by defining an authorization methods list.