Contributor II

Juniper EX3400 TACACS Accounting Issue

I am not sure if anyone is familiar with Juniper here, but I am having trouble enabling accounting on Clearpass 6.7.0 for Juniper EX3400 switches.


I have TACACS Authentication working for the EX3400s, so I'm not sure that Clearpass is the issue, but I do not show any accounting.

I have Authentication and Accounting working succesfully for Cisco and Aruba products.

I feel like I am missing something on the Juniper side, but there is a chance I am missing something on the Clearpass side. 

My Juniper Config looks like this: {
port 49;
secret "***"; ## SECRET-DATA
timeout 30;

events [ login change-log interactive-commands ];
destination {
tacplus {
server { {
secret "***"; ## SECRET-DATA

class RW-CLASS {
idle-timeout 15;
permissions all;

user JUNOS-RW {
uid 2101;
class RW-CLASS;


Where is the switch ip, is the Clearpass. 

The jist of my clearpass config looks like this, I know I get the correct role, so enforcement profile is where I would assume the issue is?
Screen Shot 2018-11-02 at 2.35.03 PM.pngScreen Shot 2018-11-02 at 2.35.22 PM.png



Super Contributor II

Re: Juniper EX3400 TACACS Accounting Issue

The configuration looks fine. Are you sourcing the accounting data from the same source IP as the authentication requests? Have you run a PCAP to see if the accounting data is send from the switch?



Willem Bargeman ACMX#935 | ACCX #822

Please give me kudos if my post was useful!
If your issue is solved mark the post as solution!
Contributor II

Re: Juniper EX3400 TACACS Accounting Issue

It is sourced from the same ip as the authentication. 

I have not run a packet capture yet but that was going to be my next step if my configuration was correct. So it sounds like that's where I am going next. Thanks for your validation

Search Airheads
Showing results for 
Search instead for 
Did you mean: