Authentication
Local Logins
Create a local user:
set system login user test-admin authentication plain-text-password
This is confusing: plain-text-password does not tell JunOS to store the password unencrypted, it only describes how the password is typed in. JunOS will encrypt the password.
You then need to set the login class which is the level of permissions the user has:
set system login user test-admin class super-user
Classes
-Operator - good for level 2 support
-Read-Only
-Super-user
-Unauthorized
View the config with:
show system login
Creating a custom class
Create a class:
set system login class NAME
set system login class NAME permission PERMISSIONS
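set system login class NAME allow-commands REGEX
Allow a class to use the configure command and give it access to the interfaces and vlans configuration hierarchies:
set system login class NAME allow-commands "(configure)"
set system login class NAME allow-configuration "(interfaces)|(vlans)"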
Then you have to assign your class to a user.
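The custom-class steps above combined into one configuration, as an added example that is not part of the original notes. The class name L2-SUPPORT, the user test-l2, the permission flags and the idle timeout are assumptions chosen for illustration.

```junos
# Constructed example: L2-SUPPORT and test-l2 are hypothetical names.
# Base permissions: read-only access to operational state and the config.
set system login class L2-SUPPORT permissions [ view view-configuration ]
# Let the class enter configuration mode ...
set system login class L2-SUPPORT allow-commands "(configure)"
# ... but only touch the interfaces and vlans hierarchies.
set system login class L2-SUPPORT allow-configuration "(interfaces)|(vlans)"
# Log idle sessions out after 15 minutes (assumed value).
set system login class L2-SUPPORT idle-timeout 15
# Create the user, assign the class, then type the password at the prompt.
set system login user test-l2 class L2-SUPPORT
set system login user test-l2 authentication plain-text-password
# Validate before committing, then review the result.
commit check
commit
show system login
```

After logging in as test-l2, run show cli authorization in operational mode to confirm which permissions and allowed commands the session actually received.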
External Authentication
JunOS supports RADIUS and TACACS.
RADIUS Server:
set system radius-server 10.16.162.38 port 1812 secret P@$$word source-address 192.168.200.250
(source address is optional)
Configure Fallback:
set system authentication-order [ radius password ]