Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - BROADBAND ACCESS CONFIGURATION GUIDE 2010-10-12 Configuration Manual page 363

Software for e series broadband services routers broadband access configuration guide

aaa new-model
accounting
Copyright © 2010, Juniper Networks, Inc.
Use to set AAA authentication at login. This command creates a list that specifies the
methods of authentication.
Once you specify aaa new-model as the authentication method for vty lines, an
authentication list called "default" is automatically assigned to the vty lines. To allow
users to access the vty lines, you must create an authentication list and either:
- Name the list "default."
- Assign a different name to the authentication list, and assign the new list to the vty
  line using the login authentication command.
The authentication methods that you can use in a list include these options: radius,
line, tacacs+, none, and enable.
The router traverses the list of authentication methods to determine whether a user
is allowed to start a Telnet session. If a specific method is available but the user
information is not valid (such as an incorrect password), the router does not continue
to traverse the list and denies the user a session.
If a specific method is unavailable, the router continues to traverse the list. For example,
if tacacs+ is the first authentication type element on the list and the TACACS+ server
is unreachable, the router attempts to authenticate with the next authentication type
on the list, such as radius.
The router applies an implicit denial (the user is refused a session) if it reaches the
end of the authentication list without finding an available method.
Example
host1(config)#aaa authentication login my_auth_list tacacs+ radius line none
Use the no version to remove the authentication list from your configuration.
See aaa authentication login
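The traversal rules described above, modelled as an added Python example (not code from Juniper or from the original guide). The function names and the accept/reject/unavailable outcome labels are hypothetical, and treating the none method as "permit without authentication" is an assumption about that method's behaviour.

```python
import re

# Methods the guide lists as valid in an authentication list.
METHODS = {"radius", "line", "tacacs+", "none", "enable"}
LOGIN_RE = re.compile(r"aaa authentication login (\S+)\s+(.+)$")


def parse_login_list(line):
    """Return (list_name, [methods]) from an 'aaa authentication login' line.

    A leading CLI prompt such as 'host1(config)#' is tolerated.
    """
    m = LOGIN_RE.search(line.strip())
    if not m:
        raise ValueError("not an 'aaa authentication login' command")
    name, methods = m.group(1), m.group(2).split()
    unknown = [x for x in methods if x not in METHODS]
    if unknown:
        raise ValueError(f"unknown method(s): {unknown}")
    return name, methods


def traverse(methods, state):
    """Model the router's walk over an authentication list.

    state maps a method to 'accept', 'reject' or 'unavailable' (hypothetical
    labels); a method missing from state counts as unavailable.
    Returns (decision, deciding_method).
    """
    for method in methods:
        if method == "none":
            # Assumption: 'none' performs no authentication and admits the user.
            return "permit", "none"
        outcome = state.get(method, "unavailable")
        if outcome == "unavailable":
            continue  # unavailable method: keep traversing the list
        # An available method is final, even when the credentials are invalid.
        return ("permit" if outcome == "accept" else "deny"), method
    return "deny", None  # end of list reached: implicit denial


if __name__ == "__main__":
    # The example command from the guide.
    cmd = "host1(config)#aaa authentication login my_auth_list tacacs+ radius line none"
    name, methods = parse_login_list(cmd)
    scenarios = [{"tacacs+": "accept"},
                 {"tacacs+": "unavailable", "radius": "reject"},
                 {}]  # every method unavailable
    for state in scenarios:
        print(name, state, "->", traverse(methods, state))
```

When reviewing a configuration, compare the last scenario for a list that ends in none with the same list without it: the first permits the session, the second falls through to the implicit denial.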
Use to specify AAA new model as the authentication method for the vty lines on your
router.
If you specify AAA new model and you do not create an authentication list, users will
not be able to access the router through a vty line.
Example
host1(config)#aaa new-model
Use the no version to restore simple authentication (login and password).
See aaa new-model
Chapter 9: Configuring TACACS+

This manual is also suitable for:

Junose 11.3
