Juniper vSRX Configuration: prepare Juniper vSRX for TACACS and test

Add Juniper vSRX Virtual Firewall to TacacsGUI. Junos 18.x Configuration




Juniper Device Configuration

Prepare a device.

configure
set interfaces ge-0/0/0 unit 0 family inet address <interface ip address/prefix>
set security zones security-zone trust interfaces ge-0/0/0
# "all" accepts every system service on the trust zone; list only the services you need (e.g. ssh, ping) outside a lab
set security zones security-zone trust host-inbound-traffic system-services all
# only needed if TacacsGUI is in another network
set routing-options static route 0.0.0.0/0 next-hop <default gateway>
commit
quit

Test communication with the TACACS server.

ping 10.6.20.10
PING 10.6.20.10 (10.6.20.10): 56 data bytes
64 bytes from 10.6.20.10: icmp_seq=0 ttl=62 time=4.525 ms
64 bytes from 10.6.20.10: icmp_seq=1 ttl=62 time=4.623 ms
64 bytes from 10.6.20.10: icmp_seq=2 ttl=62 time=4.613 ms
64 bytes from 10.6.20.10: icmp_seq=3 ttl=62 time=4.451 ms
^C
--- 10.6.20.10 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 4.451/4.553/4.623/0.070 ms

Tacacs Server Configuration

configure
# accounting settings
edit system accounting
  set events [ change-log interactive-commands login ] # you can set all available settings
  edit destination tacplus
    set server <tacgui ip address> secret <pre-shared key> source-address <ip address of that device>
    quit
  quit
# define local user account
edit system login
  set user developer uid 101 class super-user # this username must be defined in Local User Name
  quit
# add authentication server
edit system tacplus-server
  set <tacgui ip address> secret <pre-shared key> source-address <ip address of that device> timeout 3
  quit
set system authentication-order [ tacplus password ]
commit
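
A check for the settings configured above, as an added example (not part of the original page or the TacacsGUI project): it reads `show configuration | display set` output and reports missing TACACS+ authentication or accounting settings, plus any zone that accepts every system service. The sample config, its addresses and the function names are constructed for illustration.

```python
import re

# Constructed `show configuration | display set` output; the addresses and the
# secret string are placeholders, not values from a real device.
SAMPLE = """\
set system authentication-order tacplus
set system authentication-order password
set system tacplus-server 10.6.20.10 secret "$9$constructed"
set system tacplus-server 10.6.20.10 timeout 3
set system accounting events login
set system accounting events interactive-commands
set system accounting destination tacplus server 10.6.20.10 secret "$9$constructed"
set security zones security-zone trust host-inbound-traffic system-services all
"""
WANTED_EVENTS = {"change-log", "interactive-commands", "login"}  # events set on this page

def values(lines, prefix):
    """Return what follows `prefix` on each matching line, split into words."""
    return [l[len(prefix):].split() for l in lines if l.startswith(prefix)]

def audit(config):
    """Return findings for a set-format Junos config; an empty list means clean."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    order = [v[0] for v in values(lines, "set system authentication-order ")]
    if order[:1] != ["tacplus"]:
        findings.append("authentication-order does not start with tacplus")
    servers = {}  # server address -> attributes configured for it
    for v in values(lines, "set system tacplus-server "):
        servers.setdefault(v[0], set()).update(v[1:2])
    if not servers:
        findings.append("no tacplus-server configured")
    for addr, attrs in sorted(servers.items()):
        for needed in ("secret", "source-address"):
            if needed not in attrs:
                findings.append(f"tacplus-server {addr} has no {needed}")
    if not values(lines, "set system accounting destination tacplus server "):
        findings.append("no TACACS+ accounting destination")
    events = {v[0] for v in values(lines, "set system accounting events ")}
    for missing in sorted(WANTED_EVENTS - events):
        findings.append(f"accounting event {missing} not enabled")
    for v in values(lines, "set security zones security-zone "):
        if v[1:] == ["host-inbound-traffic", "system-services", "all"]:
            findings.append(f"zone {v[0]} accepts all system services inbound")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```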

Auth with Tacacs user

In the example below, the user can execute only some show commands.

login as: user_jun
Using keyboard-interactive authentication.
Welcome  Home!
Password:
--- JUNOS 18.2R1.9 Kernel 64-bit  JNPR-11.0-20180614.6c3f819_buil
user_jun> ?
Possible completions:
  show                 Show system information
user_jun> show version brief
Model: vsrx
Junos: 18.2R1.9
JUNOS OS Kernel 64-bit  
...
user_jun> show system processes brief
last pid: 25453;  load averages:  0.86,  0.82,  1.00  up 0+01:03:22    15:52:44
206 processes: 2 running, 203 sleeping, 1 waiting
Author: Alexey Mochalin; Created at: 2018-12-20 21:19:48; Updated at: 2018-12-21 18:49:08