Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EX] How to configure read-write and read-only remote user access on EX4200/3200 via Radius authentication for CLI and J-Web

0

0

Article ID: KB17043 KB Last Updated: 05 Mar 2017Version: 2.0
Summary:
This article provides information on how to configure read-write and read-only remote user access on EX4200/3200 via Radius authentication for CLI and J-Web.
Symptoms:
  • By default, all users that logon to the switch via Radius authentication will have the access level of a remote user.

  • What are the exact Service Type attributes that have to be returned by Radius to an EX4200 device, specifically for a read-only user and for a read/write user?

  • This is for Telnet, SSH, J-Web, and CLI access to administer the EX4200 device.
Cause:

Solution:
This can be achieved by using Radius authorization with the juniper-local-user-name, which is configured for users with different access levels:
#set system login user lame class read-only
#set system login user super class super-user
Now, for any user, after successful authentication, the return VSA Juniper-Local-User-Name can be used and the value is either super or lame; depending on the required access level needed. The VSA attribute should be returned by the Radius server.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search