GarrettCom MNS-6K Switch User Manual


Chapter 7 – Access Using TACACS+
Using a TACACS+ server to authenticate access…
The TACACS+ protocol, short for Terminal Access Controller Access Control System Plus, provides
access control for routers, network access servers and other networked computing devices via
one or more centralized servers. TACACS+ provides separate authentication, authorization
and accounting services.
TACACS – flavors and history
TACACS allows a client to accept a username and password and send a query to
a TACACS authentication server, sometimes called a TACACS daemon (server)
or simply TACACSD. This server was normally a program running on a host.
The host would determine whether to accept or deny the request and send a response back.
The TACACS+ protocol is the latest generation of TACACS. TACACS is a simple UDP-based
access control protocol originally developed by BBN for the MILNET (Military Network).
Cisco’s enhancements to TACACS are called XTACACS. XTACACS has now been replaced by
TACACS+. TACACS+ is a TCP-based access control protocol. TCP offers a reliable,
connection-oriented transport, while UDP offers best-effort delivery.
TACACS+ improves on TACACS and XTACACS by separating the functions of
authentication, authorization and accounting and by encrypting all traffic between the Network
Access Server (NAS, acting as the TACACS+ client) and the TACACS+ service or daemon. It allows
for authentication exchanges of arbitrary length and content, so any authentication mechanism
can be used with TACACS+ clients. The protocol allows the TACACS+ client to request very
fine-grained access control by responding to each component of a request.
The Magnum 6K family of switches implements a TACACS+ client.
1. TACACS+ servers and daemons use TCP port 49 for listening to client requests. Clients
   connect to this port number to send authentication and authorization packets.
2. There can be more than one TACACS+ server on the network. MNS-6K supports a maximum
   of five TACACS+ servers
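The following Python sketch is an added illustration and is not part of the manual or of the MNS-6K firmware. It shows what travels over TCP port 49 as described above: the 12-byte TACACS+ header and the shared-secret body obfuscation (the "encryption" of all client-to-daemon traffic) as specified in RFC 8907, which is the public specification of the protocol the switch implements. The shared secret, session id and body bytes are constructed sample values, and the policy helpers are this example's own, not switch configuration.

```python
"""Minimal TACACS+ (RFC 8907) packet codec: header layout and body obfuscation.

Added example, not the manual's or GarrettCom's code. Constant names follow
RFC 8907; the key and body below are constructed sample values.
"""
import hashlib
import os
import struct

HEADER_FMT = "!BBBBII"                    # version, type, seq_no, flags, session_id, length
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 12 bytes

TAC_PLUS_MAJOR_VER = 0xC
TAC_PLUS_AUTHEN = 0x01                    # packet types
TAC_PLUS_AUTHOR = 0x02
TAC_PLUS_ACCT = 0x03
TAC_PLUS_UNENCRYPTED_FLAG = 0x01          # header flag: body sent in the clear
TAC_PLUS_SINGLE_CONNECT_FLAG = 0x04


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """Keystream from RFC 8907 section 4.5.

    MD5_1 = MD5(session_id || key || version || seq_no)
    MD5_n = MD5(session_id || key || version || seq_no || MD5_{n-1})
    The digests are concatenated and truncated to `length` bytes.
    """
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad = b""
    last = b""
    while len(pad) < length:
        last = hashlib.md5(prefix + last).digest()
        pad += last
    return pad[:length]


def build_packet(ptype: int, seq_no: int, session_id: int, body: bytes, key: bytes,
                 minor_ver: int = 0, unencrypted: bool = False) -> bytes:
    """Serialize one TACACS+ packet; body is XORed with the pseudo-pad unless unencrypted."""
    version = (TAC_PLUS_MAJOR_VER << 4) | minor_ver
    flags = TAC_PLUS_UNENCRYPTED_FLAG if unencrypted else 0
    if unencrypted:
        payload = body
    else:
        pad = pseudo_pad(session_id, key, version, seq_no, len(body))
        payload = bytes(b ^ p for b, p in zip(body, pad))
    header = struct.pack(HEADER_FMT, version, ptype, seq_no, flags, session_id, len(body))
    return header + payload


def has_cleartext_flag(data: bytes) -> bool:
    """True when the header says the body was not obfuscated (a weak setting to refuse)."""
    flags = data[3]
    return bool(flags & TAC_PLUS_UNENCRYPTED_FLAG)


def parse_packet(data: bytes, key: bytes, allow_unencrypted: bool = False) -> dict:
    """Validate the header, then recover the body with the shared secret."""
    if len(data) < HEADER_LEN:
        raise ValueError("short header")
    version, ptype, seq_no, flags, session_id, length = struct.unpack(HEADER_FMT, data[:HEADER_LEN])
    if version >> 4 != TAC_PLUS_MAJOR_VER:
        raise ValueError("not a TACACS+ packet (major version %#x)" % (version >> 4))
    if len(data) != HEADER_LEN + length:
        raise ValueError("length field does not match payload")
    payload = data[HEADER_LEN:]
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        if not allow_unencrypted:
            raise ValueError("cleartext body rejected by policy")
        body = payload
    else:
        pad = pseudo_pad(session_id, key, version, seq_no, length)
        body = bytes(b ^ p for b, p in zip(payload, pad))
    return {"version": version, "type": ptype, "seq_no": seq_no, "flags": flags,
            "session_id": session_id, "body": body}


if __name__ == "__main__":
    # Constructed sample: a first authentication packet for user "admin".
    secret = b"example-shared-secret"
    sid = int.from_bytes(os.urandom(4), "big")
    sample_body = b"\x01\x00\x02\x01" + b"admin"
    pkt = build_packet(TAC_PLUS_AUTHEN, 1, sid, sample_body, secret)
    print("on the wire:", pkt.hex())
    print("decoded    :", parse_packet(pkt, secret))
```

Two points the code makes concrete for an operator: the body protection is a keystream derived from the shared secret with MD5, so the secret's quality and the reachability of port 49 decide how much the "encryption" is worth (RFC 8907 itself calls it obfuscation and expects the path to be otherwise protected); and a packet carrying TAC_PLUS_UNENCRYPTED_FLAG exposes credentials in the clear, so a conforming client or server should refuse it rather than fall back silently.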