
Netscreen auth via TACACS

Cooky

Golden Member
Has anyone done authentication through TACACS on Netscreen ISG firewalls?

We could only get it to work on the root vsys, but not the other ones.
In the custom attribute within ACS, this is what we have:
vsys=root
privilege=root

What do we need to do to get TACACS to work in all the other vsys as well?

Did a search on Google and Juniper's KB, and all of the examples only show you how to do a single vsys (root).
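The ACS "custom attribute" lines above are TACACS+ authorization attribute-value pairs that the server returns in its authorization REPLY. When a vsys login fails and you are trying to tell whether the firewall ever received the attributes, the fastest check is a packet capture; the body is obfuscated with the shared key, so you need to undo that before reading it. The following is an added example, not code from the thread or from Juniper or Cisco: it builds an authorization REPLY carrying `vsys=root` and `privilege=root`, obfuscates it the way RFC 8907 specifies (chained MD5 keystream XORed over the body), and parses it back, including the distinction between `=` (mandatory) and `*` (optional) attribute separators. The shared key, session id, sequence number and any extra attribute names are constructed sample values.

```python
# Added example (not from the thread or any vendor): encode and decode a
# TACACS+ authorization REPLY carrying the ACS custom attributes the post
# lists (vsys=root, privilege=root), following the wire format in RFC 8907.
# Useful when reading a capture to confirm what the server really returned.
# Shared key, session id and sample attribute names are constructed.
import hashlib
import struct

TAC_PLUS_VERSION = 0xC0          # major version 0xC, minor 0
TAC_PLUS_AUTHOR = 0x02           # packet type: authorization
TAC_PLUS_UNENCRYPTED_FLAG = 0x01
AUTHOR_STATUS_PASS_ADD = 0x01    # client adds the returned attributes
AUTHOR_STATUS_FAIL = 0x10


def pseudo_pad(session_id, key, version, seq_no, length):
    """Keystream of chained MD5 digests (RFC 8907 section 4.5)."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def xor_body(body, pad):
    return bytes(a ^ b for a, b in zip(body, pad))


def split_avp(avp):
    """'name=value' is a mandatory attribute, 'name*value' an optional one;
    the separator is whichever of '=' or '*' appears first."""
    positions = [i for i in (avp.find("="), avp.find("*")) if i >= 0]
    if not positions:
        raise ValueError("attribute without separator: %r" % avp)
    i = min(positions)
    return avp[:i], avp[i + 1:], avp[i] == "="


def build_author_reply(session_id, seq_no, key, status, attrs, server_msg=b""):
    """Return header + obfuscated body of an authorization REPLY."""
    args = [a.encode("ascii") for a in attrs]
    if any(len(a) > 255 for a in args):
        raise ValueError("argument longer than 255 bytes")
    # status, arg_cnt, server_msg_len, data_len (data is unused here)
    body = struct.pack("!BBHH", status, len(args), len(server_msg), 0)
    body += bytes(len(a) for a in args)        # one length byte per argument
    body += server_msg + b"".join(args)
    header = struct.pack("!BBBBII", TAC_PLUS_VERSION, TAC_PLUS_AUTHOR, seq_no,
                         0, session_id, len(body))
    pad = pseudo_pad(session_id, key, TAC_PLUS_VERSION, seq_no, len(body))
    return header + xor_body(body, pad)


def parse_author_reply(packet, key):
    """De-obfuscate and parse an authorization REPLY.  Returns a dict with
    status, server_msg and attrs {name: (value, mandatory)}."""
    version, ptype, seq_no, flags, session_id, length = struct.unpack(
        "!BBBBII", packet[:12])
    if ptype != TAC_PLUS_AUTHOR:
        raise ValueError("not an authorization packet")
    enc = packet[12:12 + length]
    if len(enc) != length:
        raise ValueError("truncated body")
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        body = enc
    else:
        body = xor_body(enc, pseudo_pad(session_id, key, version, seq_no, length))
    status, arg_cnt, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    arg_lens = body[6:6 + arg_cnt]
    off = 6 + arg_cnt
    # A wrong shared key yields garbage lengths; catch that before decoding.
    if off + msg_len + data_len + sum(arg_lens) != length:
        raise ValueError("length mismatch: wrong shared key or corrupt packet")
    server_msg = body[off:off + msg_len]
    off += msg_len + data_len
    attrs = {}
    for n in arg_lens:
        name, value, mandatory = split_avp(body[off:off + n].decode("ascii"))
        attrs[name] = (value, mandatory)
        off += n
    return {"status": status, "server_msg": server_msg.decode("ascii"),
            "attrs": attrs}


def demo(key=b"constructed-shared-key"):
    """Round-trip the two attributes from the post.  Server replies carry
    even sequence numbers, so seq_no is 2 (constructed session id)."""
    pkt = build_author_reply(0x1234ABCD, 2, key, AUTHOR_STATUS_PASS_ADD,
                             ["vsys=root", "privilege=root"])
    return parse_author_reply(pkt, key)


if __name__ == "__main__":
    print(demo())
```

To apply this to a real capture, feed `parse_author_reply` the raw bytes of the server-to-firewall TCP/49 segment (header plus body) and the shared key configured on both sides; a length mismatch error almost always means the key in the capture is not the one you think it is.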
 
Linux or Windows ACS? I was told in a recent Cisco training class (I haven't confirmed it) that the Linux version (the appliance is Linux based) is limited when it comes to role-based security; at least it's that way on the Nexus platform.

For example, the Nexus 5K series supports Ethernet and FCoE (and Fibre Channel, I'm pretty sure), and you can assign someone the role of FC admin, or just Ethernet admin, or all admin.

I'm rambling, but I'm just trying to say it may not be possible; you may only be able to have a single account type.
 
We have ACS appliances, and you're correct that they're Linux based (CentOS).
If you happen to have a link, or have time to review your training course material, could you please post exactly what you meant about the limitation on role-based security?
Also, what training class was it? Was it an ACS or Nexus 5K training?
We're looking at Nexus 7Ks and 5Ks for our new datacenter, so we want to know what caveats are out there.

We've been able to use our ACS appliances to do some role-based authentication for Cisco's MDS, WLC, WCS, and PacketShaper (Bluecoat/Packeteer).
Like I said, we can log into the root vsys, but just can't get it to work for the other vsys.
We'll open a case with JTAC to see what they say.
I hope they won't point the finger at ACS and say it's not a Juniper product and therefore not supported.
 
On the high-speed LAN within the datacenter it doesn't matter that much, but we have devices in remote locations, so we prefer TCP over UDP.
Even with RADIUS, I think we'd still have to define custom attributes to make ACS understand the RADIUS messages and know what role to put the user in, etc.
 
It was the Implementing Cisco Data Center class. The CCIE who taught the class just said, as a side note, that the Linux version didn't do role-based authentication. We aren't a large enough IT department (4 systems engineers) to need role-based auth, so I haven't tested it.

We do have the full Nexus line, save for the Nexus 1000V virtual switch, and so far we like them; it's like SAN-OS married IOS and had a bastard child 🙂