Configuring tacacs+ authentication on the switch, Secure shell – Juniper Networks EX2500 User Manual

Securing Access to the Switch
Chapter 1: Accessing the Switch
accounting request, cmd=shell, cmd-arg=interface ip
authorization request, cmd=shell, cmd-arg=enable
accounting request, cmd=shell, cmd-arg=enable
Configuring TACACS+ Authentication on the Switch
1. Configure the primary and secondary TACACS+ servers, and enable TACACS+ authentication.
ex2500(config)# tacacs-server primary-host 10.10.1.1
ex2500(config)# tacacs-server secondary-host 10.10.1.2
ex2500(config)# tacacs-server enable
2. Configure the TACACS+ secret and second secret (the shared key for each server).
ex2500(config)# tacacs-server primary-host 10.10.1.1 key <1-32 character secret>
ex2500(config)# tacacs-server secondary-host 10.10.1.2 key <1-32 character secret>
3. If desired, change the TCP port number on which the switch listens for TACACS+. The well-known port for TACACS+ is 49.
ex2500(config)# tacacs-server port
4. Configure the number of retry attempts and the timeout period.
ex2500(config)# tacacs-server retransmit 3
ex2500(config)# tacacs-server timeout 5
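As an added check that is not part of the Juniper manual: the script below audits a saved configuration for the four steps above, reporting a missing server, a server without its shared secret, TACACS+ not enabled, or retransmit/timeout left unset. It assumes the configuration dump echoes the same `tacacs-server` command lines shown in the procedure; the sample configuration and its values are constructed.

```python
import re

# Constructed sample in the form of the commands from the procedure above;
# the values and the assumption that a config dump echoes these lines are mine.
SAMPLE_CONFIG = """\
hostname ex2500
tacacs-server primary-host 10.10.1.1 key s3cret-one
tacacs-server secondary-host 10.10.1.2
tacacs-server enable
tacacs-server retransmit 3
tacacs-server timeout 5
"""

HOST_RE = re.compile(r"^tacacs-server (primary|secondary)-host (\S+)(?: key (\S+))?$")

def parse_tacacs(config):
    """Collect the tacacs-server settings from a config dump into a dict."""
    s = {"enabled": False, "port": 49, "retransmit": None, "timeout": None, "hosts": {}}
    for raw in config.splitlines():
        line = raw.strip()
        m = HOST_RE.match(line)
        if m:
            role, host, key = m.groups()
            # Step 1 sets the host; step 2 repeats the line with a key, so merge them
            entry = s["hosts"].setdefault(role, {"host": host, "key": None})
            entry["host"] = host
            if key:
                entry["key"] = key
        elif line == "tacacs-server enable":
            s["enabled"] = True
        elif line.startswith(("tacacs-server port ", "tacacs-server retransmit ",
                              "tacacs-server timeout ")):
            s[line.split()[1]] = int(line.split()[2])
    return s

def audit_tacacs(config):
    """Return findings for steps of the procedure that are missing (empty = complete)."""
    s = parse_tacacs(config)
    findings = []
    if not s["enabled"]:
        findings.append("TACACS+ authentication is not enabled")
    for role in ("primary", "secondary"):
        entry = s["hosts"].get(role)
        if entry is None:
            findings.append(f"no {role} TACACS+ server configured")
        elif entry["key"] is None:
            findings.append(f"{role} server {entry['host']} has no shared secret")
    if s["retransmit"] is None or s["timeout"] is None:
        findings.append("retransmit/timeout not set explicitly")
    return findings
```

Run against the sample, the only finding is that the secondary server was configured in step 1 but never given its key in step 2.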
Secure Shell
Secure Shell (SSH) uses secure tunnels to encrypt and secure messages between a remote administrator and the switch. Telnet does not provide this level of security: the Telnet method of managing an EX2500 switch does not provide a secure connection.
SSH is a protocol that enables remote administrators to log securely into the EX2500 over a network to execute management commands.
SSH provides the following benefits:
- Authentication of remote administrators: identifying the administrator using a name and password.
- Authorization of remote administrators: determining the permitted actions and customizing service for individual administrators.
- Encryption of management messages: encrypting messages between the remote administrator and the switch.