Re: [j-nsp] M-Series Authentication via Tacacs and authorization via local class
Dear Masood,
Thanks for the reply. I have tested and solution is working.
Regards.
Aamir
On Sat, Oct 11, 2008 at 8:41 PM, Masood Ahmad Shah [EMAIL PROTECTED]wrote:
When you are using RADIUS or TACACS+ authentication, you can create single
accounts (for authorization purposes) that are shared by a set of users.
http://www.juniper.net/techpubs/software/junos/junos57/swconfig57-getting-st
arted/html/sys-mgmt-authentication4.html#1039222
HTH
Regards,
Masood Ahmad Shah
BLOG: http://www.weblogs.com.pk/jahil
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Aamir Saleem
Sent: Friday, September 26, 2008 11:18 AM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] M-Series Authentication via Tacacs and authorization via
local class
Hello,
I want to configure local configured users must authenticate from TACACS+
server first and local authentication have second priority. Authorization
of
commands must be permitted from local account configured on M-Series
routers. Do any body have any idea how to accomplish this. I have following
class and user configured on M-Series for authorization purpose.
class superuser-local {
idle-timeout 5;
permissions all;
deny-commands (file delete)|(clear log);
deny-configuration system login;
}
user noc {
uid 2018;
class superuser-local;
Authentication order
authentication-order [ tacplus password ];
Thanks
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Limitation Aggreate Ethernet T-series
Hi all, The maximum number of AE that we can set on the chassis is 128, but is there any limitations for some kind of FPC or PIC ? If not, Why this number is configurable ? Thanks, Regards, David * This message and any attachments (the message) are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited. Messages are susceptible to alteration. France Telecom Group shall not be liable for the message if altered, changed or falsified. If you are not the intended addressee of this message, please cancel it immediately and inform the sender. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] erx radius dictionary
Hello all, somebody have the radius dictionary for erx in FreeRadius format ? Thanks in advance. ./diogo -montagner ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] erx radius dictionary
Sorry guys :-( I found it on file dictionary.erx. Thanks. ./diogo -montagner On Mon, Oct 13, 2008 at 4:09 PM, Diogo Montagner [EMAIL PROTECTED]wrote: Hello all, somebody have the radius dictionary for erx in FreeRadius format ? Thanks in advance. ./diogo -montagner ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] M10i Junos 8.0
Is there a default rate limit on packets destined to the RE ? I've got terribly sluggish CLI on one of my boxes, but nothing jumps out as the possible cause. No ddos against the router's interfaces, netflow sampling has been turned off, etc... Load and cpu usage are both very low as checked by snmp and the CLI. WKH ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] NTP on MX - time zone???
Does anyone know why MX won't pick up the right time zone. I synced it up to an NTP server but the time is off...I'm on 9.2. [EMAIL PROTECTED] run show system uptime Current time: 2008-10-13 23:21:02 UTC System booted: 2008-10-13 19:20:42 UTC (04:00:20 ago) Protocols started: 2008-10-13 19:21:20 UTC (03:59:42 ago) Last configured: 2008-10-13 22:16:56 UTC (01:04:06 ago) by admin 11:21PM up 4 hrs, 2 users, load averages: 0.05, 0.04, 0.00 [edit] [EMAIL PROTECTED] show system time-zone time-zone Americas/LosAngeles; my time is 16:21 [edit] [EMAIL PROTECTED] show system ntp server 64.247.17.253 prefer; server 216.129.104.26; [edit] [EMAIL PROTECTED] run show ntp status status=0654 leap_none, sync_ntp, 5 events, event_peer/strat_chg, version=ntpd 4.2.0-a Thu Aug 7 05:46:06 UTC 2008 (1), processor=i386, system=JUNOS9.2R1.10, leap=00, stratum=3, precision=-21, rootdelay=190.540, rootdispersion=62.807, peer=4036, refid=64.247.17.253, reftime=cc9e55fe.7879a235 Mon, Oct 13 2008 23:19:26.470, poll=8, clock=cc9e5669.af3864a4 Mon, Oct 13 2008 23:21:13.684, state=4, offset=2.976, frequency=-55.265, jitter=3.836, stability=0.015 Thanks, Marlon ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Netscreen mailing list?
It seems the old qorbit nn list is no more. Where do all the netscreen types hang out these days? I don't see a netscreen specific list on puck. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] NTP on MX - time zone???
NTP is time-zone agnostic - it works on UTC. You need to configure the time-zone on your MX. Paul Goyette Juniper Networks Customer Service JTAC Senior Escalation Engineer Juniper Security Incident Response Team PGP Key ID 0x53BA7731 Fingerprint: FA29 0E3B 35AF E8AE 6651 0786 F758 55DE 53BA 7731 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marlon Duksa Sent: Monday, October 13, 2008 4:23 PM To: juniper-nsp@puck.nether.net Subject: [j-nsp] NTP on MX - time zone??? Importance: High Does anyone know why MX won't pick up the right time zone. I synced it up to an NTP server but the time is off...I'm on 9.2. [EMAIL PROTECTED] run show system uptime Current time: 2008-10-13 23:21:02 UTC System booted: 2008-10-13 19:20:42 UTC (04:00:20 ago) Protocols started: 2008-10-13 19:21:20 UTC (03:59:42 ago) Last configured: 2008-10-13 22:16:56 UTC (01:04:06 ago) by admin 11:21PM up 4 hrs, 2 users, load averages: 0.05, 0.04, 0.00 [edit] [EMAIL PROTECTED] show system time-zone time-zone Americas/LosAngeles; my time is 16:21 [edit] [EMAIL PROTECTED] show system ntp server 64.247.17.253 prefer; server 216.129.104.26; [edit] [EMAIL PROTECTED] run show ntp status status=0654 leap_none, sync_ntp, 5 events, event_peer/strat_chg, version=ntpd 4.2.0-a Thu Aug 7 05:46:06 UTC 2008 (1), processor=i386, system=JUNOS9.2R1.10, leap=00, stratum=3, precision=-21, rootdelay=190.540, rootdispersion=62.807, peer=4036, refid=64.247.17.253, reftime=cc9e55fe.7879a235 Mon, Oct 13 2008 23:19:26.470, poll=8, clock=cc9e5669.af3864a4 Mon, Oct 13 2008 23:21:13.684, state=4, offset=2.976, frequency=-55.265, jitter=3.836, stability=0.015 Thanks, Marlon ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Netscreen mailing list?
Juniperforum.com is a decent place to chat it up with other netscreen users. -Tim Eberhard On Mon, Oct 13, 2008 at 6:35 PM, Janet Sullivan [EMAIL PROTECTED] wrote: It seems the old qorbit nn list is no more. Where do all the netscreen types hang out these days? I don't see a netscreen specific list on puck. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Netscreen mailing list?
www.netscreenforum.com Also known as www.juniperforum.com Check it out there is good stuff on there. On 10/13/08, Janet Sullivan [EMAIL PROTECTED] wrote: It seems the old qorbit nn list is no more. Where do all the netscreen types hang out these days? I don't see a netscreen specific list on puck. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- Sent from Gmail for mobile | mobile.google.com Stefan Fouant Principal Network Engineer NeuStar, Inc. - http://www.neustar.biz GPG Key ID: 0xB5E3803D ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] NTP on MX - time zone???
Date: Mon, 13 Oct 2008 16:23:18 -0700 From: Marlon Duksa [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] Does anyone know why MX won't pick up the right time zone. I synced it up to an NTP server but the time is off...I'm on 9.2. [EMAIL PROTECTED] run show system uptime Current time: 2008-10-13 23:21:02 UTC System booted: 2008-10-13 19:20:42 UTC (04:00:20 ago) Protocols started: 2008-10-13 19:21:20 UTC (03:59:42 ago) Last configured: 2008-10-13 22:16:56 UTC (01:04:06 ago) by admin 11:21PM up 4 hrs, 2 users, load averages: 0.05, 0.04, 0.00 [edit] [EMAIL PROTECTED] show system time-zone time-zone Americas/LosAngeles; my time is 16:21 ??? That's not a valid time-zone. I think you want time-zone America/Los_Angeles (note the underscore and that America is not plural). -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: [EMAIL PROTECTED] Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 pgpGvmYEMcuMz.pgp Description: PGP signature ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Limitation Aggreate Ethernet T-series
Hi David, As I know, there is no any interface limitation of AE but some SFP, IQ specific features not supported on AE. For more detail information, check below link http://www.juniper.net/techpubs/software/junos/junos84/swconfig84-network-interfaces/id-12190637.html#id-12190637 Regards, Hangu On Mon, Oct 13, 2008 at 7:51 PM, [EMAIL PROTECTED] wrote: Hi all, The maximum number of AE that we can set on the chassis is 128, but is there any limitations for some kind of FPC or PIC ? If not, Why this number is configurable ? Thanks, Regards, David * This message and any attachments (the message) are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited. Messages are susceptible to alteration. France Telecom Group shall not be liable for the message if altered, changed or falsified. If you are not the intended addressee of this message, please cancel it immediately and inform the sender. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Limitation Aggreate Ethernet T-series
Thanks Hangu. David De : Hangu Jeong [mailto:[EMAIL PROTECTED] Envoyé : mardi 14 octobre 2008 03:40 À : ROY David DTF/DERX Cc : juniper-nsp@puck.nether.net Objet : Re: [j-nsp] Limitation Aggreate Ethernet T-series Hi David, As I know, there is no any interface limitation of AE but some SFP, IQ specific features not supported on AE. For more detail information, check below link http://www.juniper.net/techpubs/software/junos/junos84/swconfig84-network-interfaces/id-12190637.html#id-12190637 Regards, Hangu On Mon, Oct 13, 2008 at 7:51 PM, [EMAIL PROTECTED] wrote: Hi all, The maximum number of AE that we can set on the chassis is 128, but is there any limitations for some kind of FPC or PIC ? If not, Why this number is configurable ? Thanks, Regards, David * This message and any attachments (the message) are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited. Messages are susceptible to alteration. France Telecom Group shall not be liable for the message if altered, changed or falsified. If you are not the intended addressee of this message, please cancel it immediately and inform the sender. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp * This message and any attachments (the message) are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited. Messages are susceptible to alteration. France Telecom Group shall not be liable for the message if altered, changed or falsified. If you are not the intended addressee of this message, please cancel it immediately and inform the sender. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] NTP on MX - time zone???
Yep, that's it. I correct the wording and it works now. I wonder why Junos doesn't complain when you commit an invalid command entry?? On Mon, Oct 13, 2008 at 5:16 PM, Kevin Oberman [EMAIL PROTECTED] wrote: Date: Mon, 13 Oct 2008 16:23:18 -0700 From: Marlon Duksa [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] Does anyone know why MX won't pick up the right time zone. I synced it up to an NTP server but the time is off...I'm on 9.2. [EMAIL PROTECTED] run show system uptime Current time: 2008-10-13 23:21:02 UTC System booted: 2008-10-13 19:20:42 UTC (04:00:20 ago) Protocols started: 2008-10-13 19:21:20 UTC (03:59:42 ago) Last configured: 2008-10-13 22:16:56 UTC (01:04:06 ago) by admin 11:21PM up 4 hrs, 2 users, load averages: 0.05, 0.04, 0.00 [edit] [EMAIL PROTECTED] show system time-zone time-zone Americas/LosAngeles; my time is 16:21 ??? That's not a valid time-zone. I think you want time-zone America/Los_Angeles (note the underscore and that America is not plural). -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: [EMAIL PROTECTED] Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
