Creating Local User Databases; Adding User Entries To Local User Databases; Using The Username Command - Juniper JUNOSE SOFTWARE 11.2.X - BROADBAND ACCESS CONFIGURATION GUIDE 7-20-2010 Configuration Manual

Creating Local User Databases

Adding User Entries to Local User Databases

Copyright © 2010, Juniper Networks, Inc.
When a subscriber connects to an E Series router that is using local authentication, the
local authentication server uses the entries in the local user database selected by the
virtual router to authenticate the subscriber.
A local authentication server can have multiple local user databases, and each database
can have entries for multiple subscribers. The default local user database, if it exists, is
used for local authentication by default. The E Series router supports a maximum of 100
user entries. A maximum of 100 databases can be configured.
To create a local user database, use the aaa local database command and the name
of the database; use the name default to create the default local user database:
host1(config)#aaa local database westLocal40
The local authentication server uses the information in a local user database to
authenticate a subscriber. A local user database can contain information for multiple
users.
The E Series router provides two commands for adding entries to local user databases:
the username command and the aaa local username command. You can specify the
following parameters:
Username—Name associated with the subscriber.
Passwords and secrets—Single words that can be encrypted or unencrypted. Passwords
use two-way encryption, and secrets use one-way encryption. Both passwords and
secrets can be used with PAP authentication; however, only passwords can be used
with CHAP authentication.
IP address—The IP address to assign to the subscriber (aaa local username command
only).
IP address pool—The IP address pool used to assign the subscriber's IP address (aaa
local username command only).
Operational virtual router—The virtual router to which the subscriber is assigned. This
parameter is applicable only if the subscriber is authenticated by the default virtual
router (aaa local username command only).

Using the username Command

The username command is similar to the command used by some third-party vendors.
The command can be used to add entries in the default local user database; it is not
supported for named local user databases. The IP address, IP address pool, and
operational virtual router parameters are not supported in the username command.
However, after the user is added to the default local user database, you can use the aaa
local username command with a database name default to enter Local User
Configuration mode and add the additional parameters.
Chapter 1: Configuring Remote Access
39