Junos OS

Tacacs server prioritization and verification

  • 1.  Tacacs server prioritization and verification

     
    Posted 07-24-2019 00:04

    Hello folks,

     

    I have multiple tacacs servers configured on my device, and I have some queries on the same:

    1. To which server the request is sent first?

    (Is it in the order I see it in the config?)

    2. If I want the access device to forward it to a particular tacacs of the lot, how do I do it?

    3. Once a tacacs server is added, how do I know that my device can forward requests to the new tacacs server added so as to verify if authentication and authorization is happening on the new one?

     

    Any commands etc, to check and understand above would be helpful.

     

    Thank you!

    -Nex



  • 2.  RE: Tacacs server prioritization and verification
    Best Answer

    Posted 07-24-2019 05:07

    Hello,

     


    @Nexon wrote:

    Hello folks,

     

    I have multiple tacacs servers configured on my device, and I have some queries on the same:

    1. To which server the request is sent first?

    (Is it in the order I see it in the config?)

     

    Yes

     


    @Nexon wrote:

     

    2. If I want the access device to forward it to a particular tacacs of the lot, how do I do it?

     


    In this device's configuration, make sure the chosen server appears at the top under the [edit system tacplus-server] stanza.

     


    @Nexon wrote:

     

    3. Once a tacacs server is added, how do I know that my device can forward requests to the new tacacs server added so as to verify if authentication and authorization is happening on the new one?

     

    Capture the packets on this device with "monitor traffic interface blah-blah size 9999 no-resolve matching "tcp port 49"" and examine them. You could also use tcpdump from the shell if you know how to do it (if not, there are some references on this forum).

     


    @Nexon wrote:

     

    Any commands etc, to check and understand above would be helpful.

     

     


    Apart from capturing packets and examining them - nothing, I am afraid, not even traceoptions.

    You may be more lucky with commands/checks on the TACACS+ server itself.

    HTH

    Thx

    Alex



  • 3.  RE: Tacacs server prioritization and verification

     
    Posted 07-24-2019 05:18

    Alex,

     

    Thank you. How do I get the added server to appear at the top of the configuration?

     

    Edit 1:

     

    We can use "insert" "before/after" to change the order!

     

    -Nex
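
The reorder-and-verify sequence discussed in this thread, written out as an added example that is not part of the original posts. The addresses (192.0.2.10 for the existing server, 192.0.2.20 for the newly added one), the interface name ge-0/0/0 and the prompt are constructed placeholders.

```junos
# Constructed values: 192.0.2.10 = existing server, 192.0.2.20 = new server,
# ge-0/0/0 = placeholder for the interface that faces the TACACS+ servers.

# 1. Check the current order. Servers are tried in the order listed here.
[edit system]
user@router# show tacplus-server

# 2. Move the new server ahead of the existing one.
[edit system]
user@router# insert tacplus-server 192.0.2.20 before tacplus-server 192.0.2.10

# 3. Review the change, then commit with automatic rollback so that a
#    mistake in the AAA configuration cannot lock you out permanently.
[edit system]
user@router# show | compare
user@router# commit confirmed 5

# 4. From operational mode, capture TACACS+ traffic (TCP port 49) to the new
#    server while someone logs in from a second session. A TCP handshake and
#    replies from 192.0.2.20 show it is reachable and is being tried first.
user@router> monitor traffic interface ge-0/0/0 size 9999 no-resolve matching "tcp port 49 and host 192.0.2.20"

# 5. If the login worked, confirm the commit before the 5-minute timer expires.
[edit]
user@router# commit
```

Keep the original session open until the final commit; if the new server rejects logins, the confirmed commit rolls back on its own.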