Chapter 2 Configuring Tacacs - 3Com 3033 Configuration Manual

For v1.20

3Com Router Configuration Guide Addendum for V1.20

Chapter 2 Configuring TACACS+

TACACS+ works with AAA to control PPP, VPDN, and login access to routers.
Cisco ACS is the only supported application software.
Compared to RADIUS, TACACS+ features more reliable transmission and encryption,
and is more suitable for security control. The following table lists the primary
differences between TACACS+ and RADIUS protocols.
Table 2-1 Comparison between the TACACS+ protocol and the RADIUS protocol

| TACACS+ protocol | RADIUS protocol |
|---|---|
| Adopts TCP and hence can provide more reliable network transmission. | Adopts UDP. |
| Encrypts the entire main body of the packets except for the standard TACACS+ header. | Encrypts only the password field in the authentication packets. |
| Supports separate authentication and authorization. For example, you can use RADIUS for authentication but TACACS+ for authorization. If RADIUS is used for authentication before authorizing with TACACS+, RADIUS is responsible for confirming whether a user can be accepted, and TACACS+ is responsible for the authorization. | Processes authentication and authorization together. |
| Is well suited to security control. | Is well suited to accounting. |
| Supports authorization before the configuration commands on the Router can be used. | Does not support authorization before configuration. |

In a typical TACACS+ application, a dial-up or terminal user needs to log in to the router
to perform operations. Working as the TACACS+ client in this case, the router sends the user
name and password to the TACACS+ server for authentication. After passing the
authentication and getting the authorization, the user can log in to the router to
perform operations, as shown in the following figure.

[Figure labels: Terminal user, Dial-up user, ISDN\PSTN, Router, HWTACACS client, HWTACACS server 129.7.66.66, HWTACACS server 129.7.66.67]
Figure 2-2 Networking for a typical TACACS+ application
