[j-nsp] Juniper with tacacs+
Matthew Johnson
m01442 at hotmail.com
Thu Apr 27 12:15:20 EDT 2006
Hi,
Under the interface section you will need to create a new service called
junos-exec (leave the protocol field blank) on the Cisco ACS server through
the GUI.
Create a group and the new service field will be visible. Tick the
junos-exec and custom attributes fields. Then add the type of authorization
using the syntax below.
allow-commands=^configure.*$|^start shell.*$|^monitor traffic.*$|^commit.*$
deny-commands=^request.*$
allow-configuration=(interfaces)|(system)
deny-configuration=(dialer)
Note permissions are not supported.
So to allow access to configure interfaces you need the allow-commands for
configure and the allow-configuration for interfaces.
I presume you already have the Juniper device configured and set up to use
Cisco TACACS+.
Regards
MLJ
>From: matodzi siriba <rsiriba at yahoo.com>
>To: juniper-nsp at puck.nether.net
>Subject: [j-nsp] Juniper with tacacs+
>Date: Tue, 25 Apr 2006 00:56:59 -0700 (PDT)
>
>
>Hi
>
>I need help. I'm trying to get my Juniper M10 working
>with Cisco ACS TACACS+ for authorisations. I don't seem
>to get this right. What are the commands to configure on
>the router and on the ACS? Does Juniper work with
>TACACS, or with RADIUS only?
>
>please help
>
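
The router-side statements that the reply presumes are already in place, as an added example that is not part of the original thread. The server address, shared secret and class name are placeholders, and the view-only permission on the class is an assumption.

```junos
# Added example: Junos side of the TACACS+ setup, as set-style commands.
# 192.0.2.10, the secret and the class name "tacacs-base" are placeholders.

# The ACS server and the shared secret configured for this router on it.
set system tacplus-server 192.0.2.10 secret "REPLACE-WITH-SHARED-SECRET"
set system tacplus-server 192.0.2.10 timeout 5

# Authenticate against TACACS+ first, then local passwords.
set system authentication-order [ tacplus password ]

# TACACS+ users with no local account are mapped to the "remote" template
# user. Assumption: its class grants only the view permission, and the
# allow-commands / allow-configuration attributes returned by the junos-exec
# service add to what this class permits.
set system login class tacacs-base permissions view
set system login user remote class tacacs-base
```

After logging in with a TACACS+ account, `show cli authorization` lists the permissions and the allow/deny expressions in effect for that session.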