View Only
last person joined: 2 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  tacacs+ cli auth with Cisco ACS 5.x

    Posted 10-10-2012 06:18

    I want to implement CLI authentication via tacacs+ on Cisco ACS 5.3 server. I follow  KB17269, and i can successfull auth with Cisco ACS user, but also I can auth with local SRX users (in this time at ACS logs I can see that user "root" is not finded in identity stores, and access denied). But I want to do, that local users can auth only if tacacs+ server is unreachable (like it work in Cisco equipment). Is the any solution?


  • 2.  RE: tacacs+ cli auth with Cisco ACS 5.x
    Best Answer

    Posted 10-10-2012 09:39



    do you have 'system authentication-order tacplus password' ? Remove the 'password.


    Please note the difference (password explicitly configured/not configured):

    More reading at See note at the end (pre/post Junos 10.0 behavior)