Configuring tacacs+ authentication on the switch, Secure shell – Juniper Networks EX2500 User Manual

Page 31


Securing Access to the Switch


Chapter 1: Accessing the Switch

accounting request, cmd=shell, cmd-arg=interface ip
authorization request, cmd=shell, cmd-arg=enable
accounting request, cmd=shell, cmd-arg=enable

Configuring TACACS+ Authentication on the Switch

1. Configure the primary and secondary TACACS+ servers, and enable TACACS+
authentication.

ex2500(config)# tacacs-server primary-host 10.10.1.1
ex2500(config)# tacacs-server secondary-host 10.10.1.2
ex2500(config)# tacacs-server enable

2. Configure the TACACS+ secret for the primary server and the second secret
for the secondary server.

ex2500(config)# tacacs-server primary-host 10.10.1.1 key <1-32 character secret>
ex2500(config)# tacacs-server secondary-host 10.10.1.2 key <1-32 character secret>

3. If desired, change the TCP port on which the switch contacts the TACACS+
servers. The well-known port for TACACS+ is 49, which is the default.

ex2500(config)# tacacs-server port <TCP port number>

4. Configure the number of retry attempts and the timeout period (in seconds)
for requests to the TACACS+ servers.

ex2500(config)# tacacs-server retransmit 3
ex2500(config)# tacacs-server timeout 5
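As an added example (not Juniper code), the following script emits the config-mode commands for steps 1 through 4 above, enforcing the constraints the manual states (1-32 character keys, distinct primary and secondary hosts, port 49 as the default) before any command is produced. The command syntax is the one shown on this page; the function and constant names are this example's own.

```python
"""Generate the EX2500 TACACS+ configuration from steps 1-4, checking the
manual's constraints first.  Added example, not Juniper code; the
ex2500(config)# syntax is from the page, the helper names are assumptions."""
import ipaddress

DEFAULT_TACACS_PORT = 49  # well-known TACACS+ port, as stated in step 3


def validate_secret(secret: str) -> str:
    # The manual allows a 1-32 character key per server.
    if not 1 <= len(secret) <= 32:
        raise ValueError("TACACS+ key must be 1-32 characters")
    return secret


def tacacs_config(primary: str, secondary: str, primary_key: str,
                  secondary_key: str, port: int = DEFAULT_TACACS_PORT,
                  retransmit: int = 3, timeout: int = 5) -> list[str]:
    """Return the ordered list of config-mode commands for steps 1-4."""
    # Each server address must be a valid IPv4 host and the two must differ,
    # otherwise the secondary server provides no redundancy.
    hosts = [str(ipaddress.IPv4Address(h)) for h in (primary, secondary)]
    if hosts[0] == hosts[1]:
        raise ValueError("primary and secondary TACACS+ hosts must differ")
    if not 1 <= port <= 65535:
        raise ValueError("TCP port out of range")
    if retransmit < 1 or timeout < 1:
        raise ValueError("retransmit and timeout must be positive")
    keys = [validate_secret(primary_key), validate_secret(secondary_key)]
    cmds = [
        f"tacacs-server primary-host {hosts[0]}",          # step 1
        f"tacacs-server secondary-host {hosts[1]}",
        "tacacs-server enable",
        f"tacacs-server primary-host {hosts[0]} key {keys[0]}",    # step 2
        f"tacacs-server secondary-host {hosts[1]} key {keys[1]}",
    ]
    # Step 3 is optional: only emit the port command when it differs from 49.
    if port != DEFAULT_TACACS_PORT:
        cmds.append(f"tacacs-server port {port}")
    cmds += [f"tacacs-server retransmit {retransmit}",            # step 4
             f"tacacs-server timeout {timeout}"]
    return cmds


if __name__ == "__main__":
    # Constructed sample values; replace the keys with your own secrets.
    for line in tacacs_config("10.10.1.1", "10.10.1.2", "pr1m4ry-s3cret",
                              "s3c0nd4ry-s3cret"):
        print(f"ex2500(config)# {line}")
```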

Secure Shell

Secure Shell (SSH) uses secure tunnels to encrypt and secure messages between a
remote administrator and the switch. Telnet does not provide this level of
security: managing an EX2500 switch over Telnet does not give you a secure
connection.

SSH is a protocol that enables remote administrators to log securely into the
EX2500 over a network to execute management commands.

SSH provides the following benefits:

- Authentication of remote administrators
  - Identifying the administrator using name and password
- Authorization of remote administrators
  - Determining the permitted actions and customizing service for individual
    administrators
- Encryption of management messages
  - Encrypting messages between the remote administrator and the switch