[j-nsp] Re: TACACS+ authorization
Kanagaraj Krishna
kanagaraj at aims.com.my
Mon Jan 23 23:32:26 EST 2006
Hi,
I'm currently working on configuring the user authorization for user access into our m7i router. I'm used to the cisco privilege command, but having some trouble with juniper command hierarchy. Most of the permission bit for access privilege levels are not specific (refered to Juniper site). The authorization that i want set for these user is specifically only allow:
- ping
- traceroute
- exit
- sh config (interface and routing protocols only)
- sh interface
- monitor interface
- configuring specific interfaces only
It would be appreciated if anyone could suggest some examples or reference in doing this. Another question would be, what are the pros and cons of controlling authorization on the router (user template) compared to the aaa server config. Thanks.
Regards,
Kana
More information about the juniper-nsp
mailing list