
Juniper Junos command authorization with ISE TACACS

TCPuniverse
Level 1

Hey.

I want to set allowed or denied commands on Juniper routers and switches while users are authenticated/authorized with Cisco ISE 3.1. 

It is possible to define local "allow-commands" or "deny-commands" and use user classes locally on Juniper devices, and return only the class of the user from the ISE TACACS server to the device, so that the device uses the returned class info to map the client to the local class and allows and denies the commands as defined locally on the Juniper device. But what I want is to use ISE attributes to define and return the allowed or denied commands to the Juniper devices, rather than configuring them locally on the Juniper devices. There is a link on the Juniper website explaining the attributes that need to be defined on the TACACS+ server, but when I tried to use the syntax explained in the documentation, ISE gave errors stating the values were not valid.

https://www.juniper.net/documentation/us/en/software/junos/user-access/topics/topic-map/user-access-tacacs-authentication.html

So, long story short, do you know how I can accomplish this task?

Regards.

1 Reply

balaji.bandi
Hall of Fame

Check the thread below; it may help you:

https://community.cisco.com/t5/network-access-control/cisco-ise-2-6-and-juniper-device-administration/td-p/4088287

If you still have an issue, you need to provide some more information: what config did you apply in Junos, and what logs do you see on ISE?

BB
