Tacacs; Tacacs+ Configuration Example - D-Link DWS-3000 Series Configuration Manual

Unified wired & wireless access system

20

TACACS+

TACACS+ (Terminal Access Controller Access Control System) provides access control for
networked devices via one or more centralized servers. Similar to RADIUS, this protocol
simplifies authentication by making use of a single database that can be shared by many
clients on a large network. TACACS+ is based on the TACACS protocol described in
RFC 1492. TACACS+ uses TCP to ensure reliable delivery and a shared key configured on the
client and daemon server to encrypt all messages.

After you configure TACACS+ as the authentication method for user login, the NAS
(Network Access Server) prompts for the user login credentials and requests services from the
DWS-3000 TACACS+ client. The client then uses the configured list of servers for
authentication, and provides results back to the NAS. You can configure the TACACS+ server
list with one or more hosts defined via their network IP address. You can also assign each a
priority to determine the order in which the TACACS+ client will contact them. The client
contacts a lower-priority server only when a connection attempt to a higher-priority server
fails or times out. You can configure each server host with a specific connection type, port,
timeout, and shared key, or you can use global configuration for the key and timeout.

Like RADIUS, the TACACS+ server can do the authentication itself, or redirect the request to
another back-end device. All sensitive information is encrypted and the shared secret is never
passed over the network; it is used only to encrypt the data.
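
The following is an added example, not part of the D-Link manual or the DWS-3000 firmware. It shows how the shared key is applied to a packet body as the TACACS+ protocol is specified in RFC 8907 (section 4.5): both ends derive an MD5-based pad from the session ID, key, version and sequence number and XOR it over the body, while the 12-byte header travels in clear. The key, body and session ID are constructed sample values, and it is assumed here that the device follows the RFC.

```python
import hashlib
import struct

TAC_PLUS_VER = 0xC0      # major version 0xC, minor version 0
TAC_PLUS_AUTHEN = 0x01   # packet type: authentication


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """MD5 chain from RFC 8907 section 4.5, truncated to the body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        # MD5_1 = MD5(seed); MD5_n = MD5(seed + MD5_{n-1})
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def obfuscate(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """XOR the body with the pad; applying it a second time restores the body."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_packet(body: bytes, session_id: int, key: bytes, seq_no: int = 1) -> bytes:
    """12-byte cleartext header followed by the obfuscated body."""
    header = struct.pack("!BBBBII", TAC_PLUS_VER, TAC_PLUS_AUTHEN,
                         seq_no, 0x00, session_id, len(body))
    return header + obfuscate(body, session_id, key, TAC_PLUS_VER, seq_no)


def read_body(packet: bytes, key: bytes) -> bytes:
    """Receiver side: parse the header, then strip the pad using its own copy of the key."""
    version, _type, seq_no, _flags, session_id, length = struct.unpack("!BBBBII", packet[:12])
    return obfuscate(packet[12:12 + length], session_id, key, version, seq_no)


# Constructed sample values, not taken from the manual.
KEY = b"example-shared-secret"
BODY = b"constructed-authentication-body-longer-than-16-bytes"
PACKET = build_packet(BODY, session_id=0x1A2B3C4D, key=KEY)

if __name__ == "__main__":
    print("header (clear):", PACKET[:12].hex())
    print("right key     :", read_body(PACKET, KEY))
    print("wrong key     :", read_body(PACKET, b"wrong-secret"))
```

A server configured with a different key recovers only garbage from the body, which is why a per-host key mismatch shows up as failed authentication rather than as a connection error.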

TACACS+ Configuration Example

This example configures two TACACS+ servers at 10.10.10.10 and 11.11.11.11. Each server
has a unique shared secret key. The server at 10.10.10.10 has a default priority of 0, the highest
priority, while the other server has a priority of 2. A new authentication list called tacacsList is
created which uses TACACS+ to authenticate, and uses local authentication as a backup
method. This authentication list is then associated with the default login.