I only found Tacacs+ Authentication on EX2300. Is it possible to configure Tacacs+ Authentication but Destination is running Tacacs??I didn't see that EX2300 doesn't support Tacacs anymore in Pathfinder
Greetings, I am afraid that the answer is no, although I haven't tested it, a couple of reasons why:
Tt is not an option in Junos
root@Halo# set system authentication-order ?Possible completions:[ Open a set of valuespassword Traditional password authenticationradius Remote Authentication Dial-In User Servicetacplus TACACS+ authentication services
As you mentioned is not available in pathfinder
Now, even if you configure it and for some super rare reason it works, what happens if it breaks one day? TAC won't help if you are running a feature that is not supported.
Also In spite of its name, TACACS+ is an entirely new protocol.
TACAS uses both TCP and UDP but TACAS+ uses TCP this could be a major issue if they don't sync on the transport protocol.
And last but not least, TACACS security is way below the standards so I would highly recommend you move to TACACS+ or radius as soon as you can.
While the protocol itself has been described, there are a number of
other considerations worth mentioning.
First, the protocol carries the username and password in clear text
in either a single UDP packet or a TCP stream. As such, if an
attacker is capable of monitoring that data, the attacker could
capture username/password pairs. Implementations can take several
If this solves your problem, please mark this post as "Accepted Solution" so we can help others too \:)/
Lil DexxJNCIE-ENT#863, 3X JNCIP-[SP-ENT-DC], 4X JNCIA [cloud-DevOps-Junos-Design], Champions Ingenius, SSYB
I would suggest this is a question to ask Cisco. They should know backwards compatiability of TACACS and TACACS+. If I had to guess, I would expect they are backwards compatiable, and therefore any devices that support TACACS+ also supports TACACS, but not the opposite way around.
My 2 cents worth.