Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

ON THIS PAGE

Syntax
Hierarchy Level
Description
Options
Required Privilege Level
Release Information

server (TACACS+ Accounting)

Syntax

Hierarchy Level

Description

Configure TACACS+ logging.

Options

`server-address`	Address of the IPv4 or IPv6 TACACS+ authentication server. Note: Wildcard characters cannot be used in the TACACS+ server address or source address. This is because the TACACS+ server and source can accept both IPv4 and IPv6 addresses and, if you use wildcard characters for these addresses, Junos OS cannot validate mismatching server and source address families.
port `port-number`	Configure the port number on which to contact the TACACS+ authentication server. Default: 49
routing-instance `routing-instance`	Configure the routing instance name for the management routing instance, that is `mgmt_junos`. Configuring this parameter along with the `management-instance` statement enables authentication processes (for example, RADIUS and TACACS+) to use the non-default management routing instance for packet traffic. Note: You must also define the mgmt_junos routing instance under the `[edit routing-instances]` hierarchy level. If you no not configure the mgmt_junos instance under the `[edit routing-instances]` hierarchy level and configure it only under `tacplus-server` or `radius-server`, the commit will fail.
secret `password`	Configure the password to use with the RADIUS or TACACS+ server. The secret password used by the local router or switch must match that used by the server. The password can include spaces included in quotation marks. Note: To ensure better security, we recommend you configure the TACACS+ secret password with a minimum of 14 characters.
single-connection	Optimize attempts to connect to a TACACS+ server. The software maintains one open TCP connection to the server for multiple requests rather than opening a connection for each connection attempt.
source-address `source-address`	Specify a source address for each configured TACACS+ server to record in system log messages that are directed to a remote machine. Configure a valid IP address on one of the device interfaces. For system logging, the address is recorded as the message source in messages sent to the remote machines specified in all `host hostname` statements at the `[edit system syslog]` hierarchy level. Default: The primary address of the interface.
timeout `seconds`	The amount of time that the local device waits to receive a response from a TACACS+ server. Default: 3 seconds Range: 1 through 90 seconds

Required Privilege Level

admin—To view this statement in the configuration.

admin-control—To add this statement to the configuration.

Release Information

Statement introduced before Junos OS Release 7.4.

routing-instance option introduced in Junos OS Release 17.4R1.