Filter
Top Products
TACACS+ Commands 763
34
TACACS+ Commands
TACACS+ provides access control for networked devices via one or more
centralized servers, similar to RADIUS this protocol simplifies authentication
by making use of a single database that can be shared by many clients on a
large network. TACACS+ is based on the TACACS protocol (described in
RFC1492) but additionally provides for separate authentication,
authorization and accounting services. The original protocol was UDP based
with messages passed in clear text over the network; TACACS+ uses TCP to
ensure reliable delivery and a shared key configured on the client and daemon
server to encrypt all messages.
PowerConnect supports authentication of a user using a TACACS+ server.
When TACACS+ is configured as the authentication method for a user login
type (CLI/HTTP/HTTPS), the NAS will prompt for the user login credentials
and request services from the TACACS+ client; the client will then use the
configured list of servers for authentication and provide results back to the
NAS. The TACACS+ server list is configured with one or more hosts defined
via their network IP address; each can be assigned a priority to determine the
order in which the TACACS+ client will contact them, a server is contacted
when a connection attempt fails or times out for a higher priority server. Each
server host can be separately configured with a specific connection type, port,
time-out, and shared key, or the global configuration may be used for the key
and time-out. Like RADIUS, the TACACS+ server may do the
authentication itself, or redirect the request to another back-end device, all
sensitive information is encrypted and the shared secret is never passed over
the network.
Commands in this Chapter
This chapter explains the following commands:
key tacacs-server host
port tacacs-server key
priority tacacs-server timeout
2CSPC4.X8100-SWUM102.book Page 763 Friday, March 15, 2013 8:56 AM