D-Link DI-1750 Reference Manual page 358

8.3.4 Set TACACS+ Encryption Key
To set the TACACS+ authentication key and encryption key, use the following command in global
configuration mode:
tacacs key keystring
[DEFAULT@Router /config/]#tacacs
Key Word:
U(undo) D(default)
(00)server
(01)key
(02)timeout
Please Input the code of command to be excute(0-2): 1
Key Word:
Q(quit)
(00)WORD
Please Input the code of command to be excute(0-0): 0
Please input a string:dlink (Input TACACS+ key string)
Will you excute it? (Y/N):y
Note: You must configure the same key on the TACACS+ server for encryption to be successful.
1. Specify TACACS+ Authentication
After you have identified the TACACS+ daemon and defined an associated TACACS+ encryption key,
you need to define method lists for TACACS+ authentication. Because TACACS+ authentication is
operated via AAA, you need to set aaa authentication command, specifying TACACS+ as the
authentication method. For more information, refer to the "Configuring Authentication" chapter.
AAA authorization enables you to set parameters that restrict a user's network access. Authorization via
TACACS+ may be applied to commands, network connections, and EXEC sessions. Because
TACACS+ authorization is facilitated through AAA, you need to issue the config-aaa authorization
command, specifying TACACS+ as the authorization method. For more information, refer to the
"Configuring Authorization" chapter.
2. Specify TACACS+ Accounting
AAA accounting enables you to track the services users are accessing as well as the amount of
network resources they are consuming. Because TACACS+ accounting is facilitated through AAA, you
need to issue the aaa accounting command, specifying TACACS+ as the accounting method. For
more information, refer to the "Configuring Accounting" chapter.
8.3.5 TACACS+ Configuration Examples
1. TACACS+ Authentication Examples
The following example configures TACACS+ as the security protocol to be used for PPP authentication:
aaa authentication ppp test tacacs+ local
tacacs server 1.2.3.4
tacacs key testkey
interface serial 1/1
ppp authentication chap pap test
In this example:
aaa authentication command defines a method list, "test," to be used on serial interfaces running PPP.
The keyword tacacs+ means that authentication will be done through TACACS+. If TACACS+ returns
an ERROR of some sort during authentication, the keyword local indicates that authentication will be
attempted using the local database on the network access server.
Command
Q(quit)
Config TACACS+ server
Default TACACS+ key
Config session timeout value
TACACS+ key (max 31 character)
Model Name
Purpose
Set the encryption key to match that used on the
TACACS+ server.
- 356 -