Users can be created locally on a Junos device. Each user must have a password set. This may be done with the plain-text-password keyword.

The keyword name can be misleading. It does not mean the password is stored in plain text; it means that you’re about to enter the password in plain text. Once the password is entered, it is encrypted and stored in the configuration.

Additionally, each user needs to have a class set. Classes define the level of permissions the user has, such as what commands they can run.

There are several built-in classes, but custom classes are also supported.

  • operator
  • read-only
  • super-user
  • unauthorized

In addition to local authentication, external authentication is also supported. This includes RADIUS and TACACS+ servers.

More than one authentication server can be configured. If the first one is not working, then the next in the list is consulted.

We can even configure local authentication as a fallback, in case the device can’t reach any external authentication server.

Common login class permissions include:

  • System – See system level information, including the configuration of the system hierarchy
  • View-configuration – Can view all the hierarchy (with some small exceptions)
  • Network – Access network commands (ping, traceroute, telnet, ssh)
  • Configure – Enable entering configuration mode
  • Firewall – Can view firewall configuration
  • Interface – Can view interface configuration

Command Summary

| Command | Mode | Description |
|---|---|---|
| set system login user | Configuration | Create a new user |
| set system login user NAME class | Configuration | Set a user’s class |
| set system login class | Configuration | Create a new class |
| set system login class NAME permissions | Configuration | Assign permissions to a class |
| set system login class NAME allow-commands | Configuration | Allow specific commands |
| set system radius-server | Configuration | Configure a RADIUS server |
| set system authentication-order | Configuration | Set the method of authentication used, and optional fallback |
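
The commands summarized above, combined into one least-privilege setup. This is an added example, not configuration from the original page; the class name noc-tier1, the user alice, the 192.0.2.x server addresses and the shared-secret placeholder are assumptions.

```junos
# Added example: names, addresses and the secret are placeholders (assumptions).

# Custom class: read-only visibility plus the basic network tools.
set system login class noc-tier1 permissions [ view view-configuration network ]
# allow-commands grants one command that the permission flags above do not cover.
set system login class noc-tier1 allow-commands "clear interfaces statistics .*"
# deny-commands removes commands the network flag would otherwise allow,
# so the account cannot open onward sessions from the device.
set system login class noc-tier1 deny-commands "(telnet .*)|(ssh .*)"
set system login class noc-tier1 idle-timeout 10

# Local user in that class. The CLI prompts for the password and stores it
# in the configuration as an encrypted-password value, never as typed.
set system login user alice class noc-tier1
set system login user alice authentication plain-text-password

# Two RADIUS servers; the second is consulted if the first does not answer.
set system radius-server 192.0.2.10 secret "<SHARED-SECRET>"
set system radius-server 192.0.2.10 timeout 3
set system radius-server 192.0.2.10 retry 2
set system radius-server 192.0.2.11 secret "<SHARED-SECRET>"

# RADIUS-authenticated users with no local account are mapped to the
# "remote" template user, so give it the least-privileged class.
set system login user remote class noc-tier1

# RADIUS first, local passwords as the fallback. With "password" listed,
# the local database is also tried when RADIUS rejects a login, so keep
# local accounts few and their passwords strong.
set system authentication-order [ radius password ]
```

Applying authentication changes with `commit confirmed` gives an automatic rollback if the new order locks you out.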

