TACACS+ (Terminal Access Controller Access-Control System Plus) as external authentication,
authorization and accounting servers.
Figure 397 AAA Server (figure labels: Client, Auth Server)
14.10.1 Local User Accounts
By storing user profiles locally on the system, your system is able to authenticate and authorize
users without interacting with a network authentication server. However, there is a limit on the
number of users you may authenticate in this way.
14.10.2 RADIUS and TACACS+
RADIUS and TACACS+ are security protocols used to authenticate users by means of an external
server instead of (or in addition to) an internal device user database that is limited to the memory
capacity of the device. In essence, RADIUS and TACACS+ authentication both allow you to validate
an unlimited number of users from a central location.
The following table describes some key differences between RADIUS and TACACS+.
Table 310 RADIUS vs. TACACS+
| | RADIUS | TACACS+ |
|---|---|---|
| Transport Protocol | UDP (User Datagram Protocol) | TCP (Transmission Control Protocol) |
| Encryption | Encrypts the password sent for authentication. | All communication between the client (the MSC) and the TACACS server is encrypted. |
14.10.3 Authentication and Accounting Setup
Click Sys > AAA to display the following screen. Use this screen to configure authentication and
accounting settings.
To enable authentication, first, configure your authentication server settings (RADIUS, TACACS+ or
both) and then set up the authentication priority, authorization, and accounting settings.
Management Switch Card User's Guide
Chapter 14 Sys Screens