Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

tacplus-server

Syntax

Hierarchy Level

Description

Configure the IPv4 or IPv6 TACACS+ server.

Options

server-address

Address of the IPv4 or IPv6 TACACS+ authentication server.

Note:

Wildcard characters cannot be used in the TACACS+ server address or source address. This is because the TACACS+ server and source can accept both IPv4 and IPv6 addresses and, if you use wildcard characters for these addresses, Junos OS cannot validate mismatching server and source address families.

port port-number

Configure the port number on which to contact the TACACS+ authentication server.

  • Default: 49

routing-instance routing-instance

Configure the routing instance name for the management routing instance, that is mgmt_junos. Configuring this parameter along with the management-instance statement enables authentication processes (for example, RADIUS and TACACS+) to use the non-default management routing instance for packet traffic.

Note:

You must also define the mgmt_junos routing instance under the [edit routing-instances] hierarchy level.

If you no not configure the mgmt_junos instance under the [edit routing-instances] hierarchy level and configure it only under tacplus-server or radius-server, the commit will fail.

secret password

Configure the password to use with the RADIUS or TACACS+ server. The secret password used by the local router or switch must match that used by the server. The password can include spaces included in quotation marks.

Note:

To ensure better security, we recommend you configure the TACACS+ secret password with a minimum of 14 characters.

single-connection

Optimize attempts to connect to a TACACS+ server. The software maintains one open TCP connection to the server for multiple requests rather than opening a connection for each connection attempt.

source-address source-address

Specify a source address for each configured TACACS+ server to record in system log messages that are directed to a remote machine. Configure a valid IP address on one of the device interfaces. For system logging, the address is recorded as the message source in messages sent to the remote machines specified in all host hostname statements at the [edit system syslog] hierarchy level.

  • Default: The primary address of the interface.

timeout seconds

The amount of time that the local device waits to receive a response from a TACACS+ server.

  • Default: 3 seconds

  • Range: 1 through 90 seconds

Required Privilege Level

admin—To view this statement in the configuration.

admin-control—To add this statement to the configuration.

Release Information

Statement introduced before Junos OS Release 7.4.

routing-instance option introduced in Junos OS Release 17.4R1.