Open as PDF
8–2 MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL
ACCESS USING TACACS+ CHAPTER 8: ACCESS USING TACACS+
8.1.2 TACACS+ Flow
TACACS works in conjunction with the local user list on the ML1200 software (operating
system). The process of authentication as well as authorization is shown in the flow chart
FIGURE 8–1: TACACS Authorization Flowchart
The above flow diagram shows the tight integration of TACACS+ authentication with the
local user-based authentication. There are two stages a user goes through in TACACS+. The
first stage is authentication where the user is verified against the network user database.
The second stage is authorization, where it is determined whether the user has operator
access or manager privileges.
8.1.3 TACACS+ Packet
Packet encryption is a supported and is a configurable option for the ML1200 software.
When encrypted, all authentication and authorization TACACS+ packets are encrypted and
are not readable by protocol capture and sniffing devices such as EtherReal or others.
Packet data is hashed and shared using MD5 and secret string defined between the
MultiLink ML1200 Managed Field Switch and the TACACS+ server.