17
Configuring TACACS+
318
•
RADIUS
•
Port Security
•
802.1X Authentication
Protection from other network users is described in the following sections. These are attacks
that pass through, but are not directed at, the device.
•
Denial of Service Prevention
•
SSL Server
•
Storm Control
•
Port Security
•
IP Source Guard
•
ARP Inspection
•
Access Control
•
First Hop Security
An organization can establish a Terminal Access Controller Access Control System
(TACACS+) server to provide centralized security for all of its devices. In this way,
authentication and authorization can be handled on a single server for all devices in the
organization.
The device can act as a TACACS+ client that uses the TACACS+ server for the following
services:
•
Authentication—Provides authentication of users logging onto the device by using
usernames and user-defined passwords.
•
Authorization—Performed at login. After the authentication session is completed, an
authorization session starts using the authenticated username. The TACACS+ server
then checks user privileges.
•
Accounting—Enable accounting of login sessions using the TACACS+ server. This
enables a system administrator to generate accounting reports from the TACACS+
server.
Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4
Security
Configuring TACACS+