Juniper SSG/ISG Device configuration from CLI
Add the Cisco ACS and TACACS+ configuration:
set auth-server CiscoACSv5 id 1
set auth-server CiscoACSv5 server-name 192.168.1.100
set auth-server CiscoACSv5 account-type admin
set auth-server CiscoACSv5 type tacacs
set auth-server CiscoACSv5 tacacs secret CiscoACSv5
set auth-server CiscoACSv5 tacacs port 49
set admin auth server CiscoACSv5
set admin auth remote primary
set admin auth remote root
set admin privilege get-external
You can also apply the above configuration from the GUI: go to Configuration->Auth->Auth Servers.
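The shared secret in the CLI lines above is the same string as the auth-server object name, which makes it guessable; TACACS+ relies on that secret to obscure the packet body. The following is an added example, not part of the original page: a small Python lint that checks a ScreenOS config for this and related mistakes. The function names and `MIN_SECRET_LEN` are assumptions, and the sample input is constructed from the lines on this page.

```python
# Constructed sample: the ScreenOS lines shown on this page.
SAMPLE_CONFIG = """\
set auth-server CiscoACSv5 id 1
set auth-server CiscoACSv5 server-name 192.168.1.100
set auth-server CiscoACSv5 account-type admin
set auth-server CiscoACSv5 type tacacs
set auth-server CiscoACSv5 tacacs secret CiscoACSv5
set auth-server CiscoACSv5 tacacs port 49
set admin auth server CiscoACSv5
set admin auth remote primary
set admin auth remote root
set admin privilege get-external
"""
MIN_SECRET_LEN = 16  # assumed local policy value, not a ScreenOS limit

def parse(config):
    """Return ({server: {setting: value}}, [names used by 'set admin auth server']).
    Settings keep their full keyword, e.g. 'tacacs secret' or 'id'."""
    servers, admin_refs = {}, []
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["set", "auth-server"] and len(tok) >= 5:
            servers.setdefault(tok[2], {})[" ".join(tok[3:-1])] = tok[-1]
        elif tok[:4] == ["set", "admin", "auth", "server"] and len(tok) == 5:
            admin_refs.append(tok[4])
    return servers, admin_refs

def audit(config):
    """Return sorted findings for the TACACS+ admin-auth configuration."""
    servers, admin_refs = parse(config)
    findings = []
    for name, cfg in servers.items():
        if cfg.get("type") != "tacacs":
            continue
        secret = cfg.get("tacacs secret", "")
        if not secret:
            findings.append(f"{name}: no tacacs secret set")
        elif secret.lower() in (name.lower(), cfg.get("server-name", "").lower()):
            findings.append(f"{name}: secret equals the server name or address")
        elif len(secret) < MIN_SECRET_LEN:
            findings.append(f"{name}: secret shorter than {MIN_SECRET_LEN} characters")
    for ref in admin_refs:
        if ref not in servers:
            findings.append(f"admin auth server {ref} is not defined")
        elif "admin" not in servers[ref].get("account-type", "").split():
            findings.append(f"{ref}: used for admin auth but account-type lacks admin")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Run it against an exported device configuration before rollout; an empty result means none of these checks fired.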
Configure the Cisco ACS v5.x (GUI)
- Go to Policy Elements > Authorization and Permissions > Device Administration > Shell Profiles, and create the Juniper Shell Profile:
Click the Create button, which is located at the bottom of the page.
Click the General tab and type the following information:
Description: Custom Attributes for Juniper SSG320M
Click the Custom Attributes tab and add the vsys attribute:
Click the Add button, which is above the Attribute field.
Add the privilege attribute:
Click the Add button, which is above the Attribute field. Now click the Submit button, which is located at the bottom of the page.
- Go to Access Policies > Access Services > Default Device Admin > Authorization and create the Juniper Authorization Policy and filter (by Device IP Address):
Click the Customize button, which is located at the bottom right-hand side of the page.
Under Customize Conditions, select Device IP Address from the left text box, and click the > button to add it.
Click OK to close the window.
Click the Create button, which is located at the bottom of the page, to create a new rule:
Under General, name the new rule as Juniper and ensure that it is enabled.
Under Conditions, select the checkbox next to Device IP Address, and type the IP address of the Juniper firewall (192.168.1.100).
Under Results, click the Select button, which is located next to the Shell Profile field, select Juniper, and click OK.
Under Results, click the Select button, which is located below the Command Sets (if used) field, select Permit All and ensure that all the other checkboxes are unselected.
Click OK to close the window.
Click OK, which is located at the bottom of the page, to close the window.
Select the checkbox next to the Juniper policy and then move it to the top of the list.
Click Save Changes, which is located at the bottom of the page.
Log on to the Juniper CLI and GUI with an ACS Internal User account and attempt to change a setting to verify the privilege level.