[j-nsp] TACACS and Logical systems

Amos Rosenboim amos at oasis-tech.net
Thu Mar 20 16:40:56 EDT 2014


Hello Everybody,

One of our customers is going to implement logical systems in his network (core and access on the same box, different logical systems).
All user accounts are based on TACACS with AD integration.
Our challenge is with the network operations folks: we would like to provide them limited access to the core (base) and full access on the access router.
So far the only option we could think of was to have a different source IP when accessing the core and access, and assign privileges in the TACACS based on the combination of user and source IP.
I'm wondering if anyone has deployed something more elegant than this?

Regards

Amos




