
Tacacs server prioritization and verification

‎07-24-2019 12:04 AM

Hello folks,

 

I have multiple tacacs servers configured on my device, and I have some queries on the same:

1. To which server is the request sent first?

(Is it in the order I see it in the config?)

2. If I want the access device to forward it to a particular tacacs of the lot, how do I do it?

3. Once a tacacs server is added, how do I know that my device can forward requests to the new tacacs server added so as to verify if authentication and authorization is happening on the new one?

 

Any commands etc, to check and understand above would be helpful.

 

Thank you!

-Nex

Solution
Accepted by topic author Nexon
‎07-29-2019 02:53 AM

Re: Tacacs server prioritization and verification

‎07-24-2019 05:07 AM

Hello,

 


@Nexon wrote:

Hello folks,

 

I have multiple tacacs servers configured on my device, and I have some queries on the same:

1. To which server is the request sent first?

(Is it in the order I see it in the config?)

 

Yes

 


@Nexon wrote:

 

2. If I want the access device to forward it to a particular tacacs of the lot, how do I do it?

 


In this device's configuration, make sure the chosen server appears at the top under the [edit system tacplus-server] stanza.

 


@Nexon wrote:

 

3. Once a tacacs server is added, how do I know that my device can forward requests to the new tacacs server added so as to verify if authentication and authorization is happening on the new one?

 

Capture the packets on this device with "monitor traffic interface blah-blah size 9999 no-resolve matching "tcp port 49"" and examine them. You could also use tcpdump from the shell if you know how to do it (if not, there are some references on this forum).

 


@Nexon wrote:

 

Any commands etc, to check and understand above would be helpful.

 

 


Apart from capturing packets and examining them - nothing, I am afraid, not even traceoptions.

You may be more lucky with commands/checks on the TACACS+ server itself.

HTH

Thx

Alex


Re: Tacacs server prioritization and verification

[ Edited ]
‎07-24-2019 05:18 AM

Alex,

 

Thank you, how do I get the server added to appear at the top of the configuration?

 

Edit 1:

 

We can use "insert" "before/after" to change the order!

 

-Nex
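
Added example (not part of the original thread and not Juniper code): one way to examine a "tcp port 49" capture, as suggested in the accepted answer, is to decode the 12-byte cleartext TACACS+ header (RFC 8907) and check, per server, which exchange types the device requested and which the server answered. The record format, the addresses and the sample packets are constructed for illustration, and the code assumes each TCP payload starts with one TACACS+ packet.

```python
import struct
from collections import defaultdict

TYPES = {1: "authentication", 2: "authorization", 3: "accounting"}

def parse_header(payload: bytes) -> dict:
    """Decode the cleartext TACACS+ header; the body after it is obfuscated."""
    if len(payload) < 12:
        raise ValueError("payload shorter than a TACACS+ header")
    ver, ptype, seq, _flags, session, length = struct.unpack("!BBBBII", payload[:12])
    if ver >> 4 != 0xC or ptype not in TYPES:
        raise ValueError("not a TACACS+ packet")
    # Clients send odd sequence numbers, servers reply with even ones.
    return {"type": TYPES[ptype], "seq": seq, "session": session,
            "from_client": seq % 2 == 1, "body_len": length}

def summarize(records, device_ip):
    """Per server: exchange types the device requested and those answered."""
    seen = defaultdict(lambda: {"requested": set(), "answered": set()})
    for src, dst, payload in records:
        try:
            hdr = parse_header(payload)
        except ValueError:
            continue  # empty segments or non-TACACS+ data on port 49
        if src == device_ip and hdr["from_client"]:
            seen[dst]["requested"].add(hdr["type"])
        elif dst == device_ip and not hdr["from_client"]:
            seen[src]["answered"].add(hdr["type"])
    return dict(seen)

def pkt(ptype, seq, session, body_len=16):
    """Build a constructed sample packet: header plus dummy body bytes."""
    header = struct.pack("!BBBBII", 0xC0, ptype, seq, 0, session, body_len)
    return header + b"\x00" * body_len

# Constructed sample records: (source IP, destination IP, TCP payload).
DEVICE, OLD, NEW = "192.0.2.1", "192.0.2.10", "192.0.2.20"
SAMPLE = [
    (DEVICE, NEW, pkt(1, 1, 0x1111)), (NEW, DEVICE, pkt(1, 2, 0x1111)),
    (DEVICE, NEW, pkt(2, 1, 0x2222)), (NEW, DEVICE, pkt(2, 2, 0x2222)),
    (DEVICE, OLD, pkt(1, 1, 0x3333)),  # request with no reply captured
    (DEVICE, NEW, b""),                # bare TCP segment, skipped
]

if __name__ == "__main__":
    for server, s in summarize(SAMPLE, DEVICE).items():
        print(server, "requested:", sorted(s["requested"]),
              "answered:", sorted(s["answered"]))
```

A server that shows requests but no answers is reachable at the TCP level yet not completing exchanges, which is the case to investigate on the TACACS+ server itself.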
