TACACS+ (tac_plus) with Juniper SRX

This post shows how to configure a TACACS+ server for system authentication in Juniper SRX with open source tac_plus software.

Juniper SRX configuration
Connect to SRX and enter configure mode
root@SRX-FW% cli
root@SRX-FW> configure
warning: Clustering enabled; using private edit
warning: uncommitted changes will be discarded on exit
Entering configuration mode{primary:node1}[edit]

Add a new TACACS+ server and set its IP address.
root@SRX-FW#set tacplus-server address

Specify the shared secret (password) of the TACACS+ server.
root@SRX-FW#set tacplus-server secret Tacacssecret1

Specify the device’s loopback address as the source address.
root@SRX-FW#set tacplus-server source-address

Set for single connection authentication
root@SRX-FW#set tacplus-server single-connection

Set authentication order
root@SRX-FW# set system authentication-order tacplus
root@SRX-FW# set system authentication-order password

Set accounting logging
root@SRX-FW# set system accounting events login
root@SRX-FW#set system accounting events change-log
root@SRX-FW#set system accounting events interactive-commands
root@SRX-FW#set system accounting destination tacplus

Verify configuration
root@SRX-FW# show system tacplus-server
root@SRX-FW# show system accounting

tac_plus configuration
key = Tacacssecret1
group = srx {
service = junos-exec
local-user-name = root

user = srxadmin {
default service = permit
login = file /etc/passwd
member = srx

Incoming search terms:

  • juniper srx 345 tacacs server
  • junos tacas
  • Juniper TAC system
  • srx YANDEX
  • how to configure tacacs plus server for juniper
  • https://yandex ru/clck/jsredir?from=yandex ru;search;web;;&text=&etext=1828 G11AS8abecpbqUMrlo8bXxiKJ0ruWvrtPHuPMOadwRbsIdCBfMnBv50nEh5FkrD2 d9386682b756cdf106434029d52cbb4ba0967ef7&uuid=&state=_BLhILn4SxNIvvL0W45KSic66uCIg23qh8iRG98qeIXme
  • juniper srx tacacs
  • srx tacacs
  • srx tacase认证
  • tacacs configuration on juniper srx
  • tacacs juniper srx