Filter
Top Products
8–2 MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL
ACCESS USING TACACS+ CHAPTER 8: ACCESS USING TACACS+
8.1.2 TACACS+ Flow
TACACS works in conjunction with the local user list on the ML1200 software (operating
system). The process of authentication as well as authorization is shown in the flow chart
below.
FIGURE 8–1: TACACS Authorization Flowchart
The above flow diagram shows the tight integration of TACACS+ authentication with the
local user-based authentication. There are two stages a user goes through in TACACS+. The
first stage is authentication where the user is verified against the network user database.
The second stage is authorization, where it is determined whether the user has operator
access or manager privileges.
8.1.3 TACACS+ Packet
Packet encryption is a supported and is a configurable option for the ML1200 software.
When encrypted, all authentication and authorization TACACS+ packets are encrypted and
are not readable by protocol capture and sniffing devices such as EtherReal or others.
Packet data is hashed and shared using MD5 and secret string defined between the
MultiLink ML1200 Managed Field Switch and the TACACS+ server.
754716A1.CDR
Login
Userin Local
UserList?
Yes
IsUser Manager?
Yes
LoginasManager
LoginasOperator
No
No
TACACS+Enabled?
No
Logout
Yes
Authentication
failure
Logout
Authenticated
TACACS+
authorization
Authorizedas
Operatoror
Authorizationfailure
Authorizedas
Manager
LoginasManager
Start
Additional
Servers?
Logout
Connectionfailure
No
Yes
Connectto
TACACSserverto
authenticate
LoginasOperator
Additional
Servers?