D-Link DI-1750 Reference Manual page 356


2. PAP & CHAP Mode Authentication
A PAP login is similar to an ASCII login, except that the username and password arrive at the network
access server in a PAP protocol packet instead of being typed in by the user, so the user is not
prompted. PPP CHAP logins are also similar in principle. Following authentication, the user will also be
required to undergo an additional authorization phase, if authorization has been enabled on the
network access server. Users must first successfully complete TACACS+ authentication before
proceeding to TACACS+ authorization.
If TACACS+ authorization is required, the TACACS+ service program is again contacted and it returns
an ACCEPT or REJECT authorization response. If an ACCEPT response is returned, the response will
contain data in the form of attributes that are used to direct the EXEC or NETWORK session for that
user, determining services that the user can access.
8.3.3 TACACS+ Configuration Process
To configure your router to support TACACS+, you must perform the following tasks:
Use the tacacs-server command to specify the IP address of one or more TACACS+ servers. Use the
config-tacacs key command to specify an encryption key that will be used to encrypt all exchanges
between the network access server and the TACACS+ server. This same key must also be configured
on the TACACS+ service program.
Use the aaa authentication global configuration command to define method lists that use TACACS+ for
authentication. For more information about using the aaa authentication command, refer to the
"Configuring Authentication" chapter.
Use line and interface commands to apply the defined method lists to various interfaces. For more
information, refer to the "Configuring Authentication" chapter.
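Added example, not from the manual and not D-Link code: how the key set with config-tacacs key protects a packet body, and why the TACACS+ service program needs the same key. It assumes the router follows the standard TACACS+ body obfuscation described in RFC 8907 section 4.5; the function names, session ID, key, user name, password and port name are constructed for this example.

```python
import hashlib
import struct

def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 section 4.5 pad: chained MD5 blocks truncated to `length`."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        # MD5_1 = MD5(seed); MD5_n = MD5(seed + MD5_{n-1})
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]

def obfuscate(body, session_id, key, version, seq_no):
    """XOR the packet body with the pad; applying it again reverses it."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def pap_start_body(user, password, port=b"async1"):
    """Authentication START body for a PAP login (constructed sample values)."""
    # action=LOGIN(1), priv_lvl=1, authen_type=PAP(2), authen_service=PPP(3),
    # then user_len, port_len, rem_addr_len=0, data_len (PAP password is in data)
    fixed = bytes([1, 1, 2, 3, len(user), len(port), 0, len(password)])
    return fixed + user + port + password

def well_formed(body):
    """Receiver-side check: the four length fields must add up to the body size."""
    return len(body) >= 8 and 8 + sum(body[4:8]) == len(body)

def demo():
    session_id, version, seq_no = 0x1A2B3C4D, 0xC1, 1  # 0xC1: minor version 1 (PAP)
    nas_key = b"constructed-shared-key"                 # sample key, not from the manual
    body = pap_start_body(b"alice", b"constructed-password")
    wire = obfuscate(body, session_id, nas_key, version, seq_no)
    same = obfuscate(wire, session_id, nas_key, version, seq_no)
    other = obfuscate(wire, session_id, b"different-key", version, seq_no)
    return body, wire, same, other

if __name__ == "__main__":
    body, wire, same, other = demo()
    print("on the wire      :", wire.hex())
    print("server, same key :", same == body, well_formed(same))
    print("server, wrong key:", other == body, well_formed(other))
```

Only the body is covered by the pad; the 12-byte header, including the session ID and sequence number that seed it, travels in the clear, and a server holding a different key recovers bytes whose length fields no longer match the packet.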
1. Specify A TACACS+ Server
The tacacs server command enables you to specify the names of the IP host or hosts maintaining a
TACACS+ server. Because the TACACS+ software searches for the hosts in the order specified, this
feature can be useful for setting up a list of preferred servers. To specify a TACACS+ host, use the
following command in global configuration mode:
Command: tacacs server ip-address [port integer] [single-connection|multi-connection] [timeout integer] [key string]
Purpose: Specify the IP address and correlative attribute of TACACS+ server.

[DEFAULT@Router /config/]#tacacs
Key Word:
U(undo)  D(default)  Q(quit)
(00)server            Config TACACS+ server
(01)key               Default TACACS+ key
(02)timeout           Config session timeout value
Please Input the code of command to be excute(0-2): 0
Key Word:
Q(quit)
(00)A.B.C.D           TACACS+ host IP address
Please Input the code of command to be excute(0-0): 0
Please input a IP Address:10.0.0.1 (Input TACACS+ host IP address)
Key Word:
Q(quit)
......
(03)single-connect    Through single TCP connection
(04)multi-connect     Through single TCP connection
(05)<cr>
Please Input the code of command to be excute(0-5): 3

This manual is also suitable for:

Di-2621, Di-2630, Di-3660
