JUNOSe 11.1.x System Basics Configuration Guide
Configuring AAA Authentication and AAA Authorization
Before you configure AAA authentication and AAA authorization, you need to configure
a RADIUS and/or TACACS+ authentication server. Note that several of the steps in
the configuration procedure are optional.
To configure AAA new model authentication and authorization for inbound sessions
to vty lines on your router:
1. Specify AAA new model authentication.
   host1(config)#aaa new-model
2. Create an authentication list that specifies the types of authentication methods allowed.
   host1(config)#aaa authentication login my_auth_list tacacs+ line enable
3. (Optional) Specify the privilege level by defining a method list for authentication.
   host1(config)#aaa authentication enable default tacacs+ radius enable
4. (Optional) Enable authorization, and create an authorization method list.
   host1(config)#aaa authorization commands 15 boston if-authenticated tacacs+
5. (Optional) Disable authorization for all Global Configuration commands.
   host1(config)#no aaa authorization config-commands
6. Specify the range of vty lines.
   host1(config)#line vty 6 10
   host1(config-line)#
7. (Optional) Apply an authorization list to a vty line or a range of vty lines.
   host1(config-line)#authorization commands 15 boston
8. Specify the password for the vty lines.
   host1(config-line)#password xyz
9. Apply the authentication list to the vty lines you specified on your router.
   host1(config-line)#login authentication my_auth_list
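
A consistency check for the procedure above, written in Python as an added example (it is not part of this guide or of JUNOSe): it reads the commands as typed, with prompts stripped, and reports vty lines whose authentication or authorization list is missing or undefined. The audit function, its input format, and the rule that the line method needs a vty password are assumptions of this example.

```python
import re

# Constructed sample: the procedure's commands as typed, prompts stripped.
SAMPLE = """\
aaa new-model
aaa authentication login my_auth_list tacacs+ line enable
aaa authorization commands 15 boston if-authenticated tacacs+
line vty 6 10
authorization commands 15 boston
password xyz
login authentication my_auth_list
"""

def audit(config):
    """Return a list of findings; an empty list means the vty AAA wiring is consistent."""
    authn, authz, blocks, new_model = {}, set(), [], False
    for line in (l.strip() for l in config.splitlines() if l.strip()):
        if line == "aaa new-model":
            new_model = True
        elif m := re.match(r"aaa authentication login (\S+) (.+)", line):
            authn[m[1]] = m[2].split()            # list name -> ordered methods
        elif m := re.match(r"aaa authorization commands (\d+) (\S+)", line):
            authz.add((m[1], m[2]))               # (privilege level, list name)
        elif m := re.match(r"line vty (.+)", line):
            blocks.append({"range": m[1], "login": None, "authz": [], "password": False})
        elif blocks and line.startswith("password "):
            blocks[-1]["password"] = True
        elif blocks and (m := re.match(r"login authentication (\S+)", line)):
            blocks[-1]["login"] = m[1]
        elif blocks and (m := re.match(r"authorization commands (\d+) (\S+)", line)):
            blocks[-1]["authz"].append((m[1], m[2]))
    findings = [] if new_model else ["aaa new-model is not enabled"]
    for b in blocks:
        where = f"line vty {b['range']}"
        if b["login"] is None:
            findings.append(f"{where}: no login authentication list applied")
        elif b["login"] not in authn:
            findings.append(f"{where}: login list '{b['login']}' is not defined")
        elif "line" in authn[b["login"]] and not b["password"]:
            # Assumption: the 'line' method checks the password set on the vty line.
            findings.append(f"{where}: list uses 'line' but no password is set")
        for level, name in b["authz"]:
            if (level, name) not in authz:
                findings.append(f"{where}: authorization list '{name}' (level {level}) is not defined")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE) or ["no findings"]:
        print(finding)
```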