[j-nsp] Junos tacacs+ authentication using Cisco ACS

Jared Gull jmgull at yahoo.com
Thu Dec 22 01:01:14 EST 2005


Edwin,

The first thing I'd verify is that you have a route to
the server (192.168.2.1) and the server has a route
back to your source address (192.168.20.4).  You could
test this by simply pinging the server address with
the source address specified.  You will also need to
verify the following:

- tacacs is specified in the authentication order. 
For more information on this check the following URL:

http://www.juniper.net/techpubs/software/junos/junos74/junoscript74-ref-config/html/summary-config289.html

- you will likely need to configure the remote user
account as specified in the URL below:

http://www.juniper.net/techpubs/software/junos/junos74/swconfig74-system-basics/html/sys-mgmt-authentication6.html#1039222

- If after all of this is done and you're still having
problems, you should check the secret and make sure it
is set correctly on both sides (router and server) AND
verify there are no firewall filters applied to your
interfaces that may be causing communication issues.

Hope this helps.

Jared Gull

--- edwin pua <edgpua at yahoo.com> wrote:

> Hi All,
>    
>   Just need your help on how will I make my Juniper
> router authenticate using the Cisco ACS.
>    
>   I'm having some problem on my Juniper router to
> communicate with our Cisco ACS. Here's my config on
> the router:
>    
>   # Juniper configuration:
>    tacplus-server {
>         192.168.2.1 {
>             secret "$9$VAb4ZUDkPfzX7jqfzCA8X7Ns4UDkm5F"; ## SECRET-DATA
>             single-connection;
>             source-address 192.168.20.4;
>         }
>     }
>     accounting {
>         events interactive-commands;
>         destination {
>             tacplus {
>                 server {
>                     192.168.2.1 secret "$9$hDecK8XxdsYoO17VYojiuO1IyKXxdw2a"; ## SECRET-DATA
>                 }
>    
>    user high {
>             uid 3453;
>             class superuser;
>         }
>         user low {
>             uid 2341;
>             class low_class;
>    
>    
>   P.S.  What else do I need to configure on my Cisco
> ACS?
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
> 
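The checklist from the reply above, written out as Junos CLI commands. This is an added example, not part of the original thread. The addresses come from the quoted configuration; the `read-only` class for the `remote` template and the `<shared-secret>` placeholder are assumptions.

```junos
# --- Operational mode: reachability and current state ---

# Reach the ACS using the same source address the router will use
ping 192.168.2.1 source 192.168.20.4 count 3

# Is tacplus in the authentication order at all?
show configuration system authentication-order

# Is there a template account for users that exist only on the ACS?
show configuration system login user remote

# Server address, source address and secret as the router sees them
show configuration system tacplus-server

# Any filters bound to interfaces (TACACS+ runs over TCP port 49,
# so replies from 192.168.2.1 must be permitted)
show configuration interfaces | display set | match filter

# --- Configuration mode: the statements the checklist refers to ---

# Try TACACS+ first, fall back to local passwords
set system authentication-order [ tacplus password ]

# Template applied to TACACS+ users with no local account
# (class is an assumption; pick the least privilege that fits)
set system login user remote class read-only

# Re-enter the secret in plain text so it matches the ACS entry
# ("<shared-secret>" is a placeholder)
set system tacplus-server 192.168.2.1 secret "<shared-secret>"
set system tacplus-server 192.168.2.1 source-address 192.168.20.4

# Roll back automatically after 5 minutes unless confirmed,
# in case the change breaks logins
commit confirmed 5
```

After `commit confirmed`, test a TACACS+ login from a second session before issuing a plain `commit`. The `$9$` strings in the quoted configuration are reversibly obfuscated rather than hashed, so a secret that has been posted publicly should be replaced on both the router and the ACS.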

