Is it possible to control the Juniper command through ISE

kiwonkwon8969
Level 1

With ISE 3.2, I want to control commands on Juniper equipment using TACACS.

Juniper uploaded vMX virtually.

When I conducted the test, it was not controlled normally.

When testing with existing Cisco equipment, each time you enter a command, you are authenticated, but Juniper is authenticated once you log in and does not authenticate the command.

I wonder if this is the result of the difference between vendors.

1 Reply

Torbjørn
VIP

Juniper is not my strongest area, so take this with a grain of salt.

Juniper devices authenticate users upon login and map the user to a locally defined user with corresponding locally defined authorization rules/privilege level. If you wish to control authorization through ISE, you can define Juniper-specific TACACS attributes and have the router request authorization from ISE immediately after login. Unlike Cisco devices, which authorise every single command with ISE, Junos will only do this once per session.

You can read more about this here: https://www.juniper.net/documentation/us/en/software/junos/user-access/topics/topic-map/user-access-tacacs-authentication.html 

This section is especially relevant: https://www.juniper.net/documentation/us/en/software/junos/user-access/topics/topic-map/user-access-tacacs-authentication.html#d59e542 

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev
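
The login-time model described in the reply above, as an added configuration sketch that is not part of the original thread: Junos authenticates against TACACS+, maps the session to a local template user, and enforces that user's login class on the device, optionally narrowed by attributes the server returns once at login. The addresses, secret, class names and regular expression are constructed placeholders; the attribute names (`local-user-name`, `deny-commands`) and the `junos-exec` service are taken from the Juniper documentation linked in the reply.

```text
# Constructed example: addresses, secret, class and user names are placeholders.

# Junos side: try TACACS+ first, fall back to local passwords.
set system authentication-order [ tacplus password ]
set system tacplus-server 192.0.2.10 secret "<shared-secret>"
set system tacplus-server 192.0.2.10 source-address 192.0.2.1

# Login classes hold the authorization rules. They are evaluated locally
# on the device for every command; ISE is not consulted per command.
set system login class NOC-READONLY permissions [ view view-configuration ]
set system login class NOC-ADMIN permissions all

# Template users that a TACACS+ session can be mapped to.
set system login user noc-ro class NOC-READONLY
set system login user noc-admin class NOC-ADMIN

# Sessions for which the server returns no local-user-name use "remote".
# Keeping it on the least-privileged class makes that the default.
set system login user remote class NOC-READONLY

# ISE side: custom attributes in the TACACS profile for this user group,
# returned once at login in the junos-exec authorization response.
#   local-user-name = noc-admin
#   deny-commands   = "(request system reboot)|(request system halt)"
```

Because the attributes are read only at login, a change to the profile in ISE takes effect on the user's next session, not on sessions that are already open.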