Information About Tacacs+ Authentication, Authorization, And Accounting - Cisco SCE2020-4XGBE-SM Configuration Manual

Software configuration guide

Information About TACACS+ Authentication, Authorization, and Accounting

TACACS+ Authentication, Authorization, and Accounting
TACACS+ is a security application that provides centralized authentication of users attempting to gain access to a network element. The SCE platform's TACACS+ implementation lets you configure one or more authentication servers, and every user who manages the SCE platform is authenticated by one of those servers. The authentication database is therefore kept centrally on the server instead of on each SCE platform, which makes the platform easier to manage.
TACACS+ services are maintained in a database on a TACACS+ server, which typically runs on a UNIX or Windows NT workstation. You must have access to, and must configure, a TACACS+ server before the TACACS+ features configured on your network element can be used.
The TACACS+ protocol provides authentication between the network element and the TACACS+ ACS (access control server). If a shared key is configured, it also provides confidentiality by encrypting all protocol exchanges between the network element and the TACACS+ server. Two caveats apply in practice. First, the TACACS+ "encryption" is an MD5-based obfuscation of the packet body only: the 12-byte header (version, type, sequence number, flags, session ID, body length) is always sent in the clear. Second, if no key is configured the body is sent in the clear as well, including the username and password, so the key should be set on every platform and the management traffic should be kept on a protected network.
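As an added example (this is not code from the Cisco manual or from the SCE software), the following Python reproduces the TACACS+ packet header and the body obfuscation defined in RFC 8907, so that you can see what a configured key does and does not protect. The session ID, shared key, username, port and remote address are constructed sample values, and the function names are my own.

```python
import hashlib
import struct

# Header constants from RFC 8907 (the TACACS+ protocol specification).
TAC_PLUS_MAJOR_VER = 0xC
TAC_PLUS_MINOR_VER_DEFAULT = 0x0
TAC_PLUS_VERSION = (TAC_PLUS_MAJOR_VER << 4) | TAC_PLUS_MINOR_VER_DEFAULT  # 0xC0
TAC_PLUS_AUTHEN = 0x01            # packet type: authentication
TAC_PLUS_UNENCRYPTED_FLAG = 0x01  # flags bit: body is sent in the clear (no shared key)
HEADER_FMT = "!BBBBII"            # version, type, seq_no, flags, session_id, length
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 12 bytes, always cleartext


def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 keystream from RFC 8907 section 4.5:
    MD5_1 = MD5(session_id, key, version, seq_no)
    MD5_n = MD5(session_id, key, version, seq_no, MD5_{n-1})
    The digests are concatenated and truncated to the body length."""
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(prefix + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body, session_id, key, version, seq_no):
    """XOR the body with the pseudo pad; the same call reverses it."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_authen_start(user, port, rem_addr, data=b""):
    """Authentication START body (RFC 8907 section 5.1): ASCII login at privilege level 1."""
    action, priv_lvl, authen_type, service = 0x01, 0x01, 0x01, 0x01  # LOGIN, level 1, ASCII, LOGIN
    return (bytes([action, priv_lvl, authen_type, service,
                   len(user), len(port), len(rem_addr), len(data)])
            + user + port + rem_addr + data)


def build_packet(body, session_id, seq_no, key=None):
    """Wrap a body in a TACACS+ header; obfuscate the body only if a key is configured."""
    flags = 0 if key else TAC_PLUS_UNENCRYPTED_FLAG
    header = struct.pack(HEADER_FMT, TAC_PLUS_VERSION, TAC_PLUS_AUTHEN,
                         seq_no, flags, session_id, len(body))
    wire_body = obfuscate(body, session_id, key, TAC_PLUS_VERSION, seq_no) if key else body
    return header + wire_body


def parse_packet(packet, key=None):
    """Return (header fields, body). The header is always readable; the body only with the right key."""
    version, ptype, seq_no, flags, session_id, length = struct.unpack(HEADER_FMT, packet[:HEADER_LEN])
    wire_body = packet[HEADER_LEN:HEADER_LEN + length]
    if flags & TAC_PLUS_UNENCRYPTED_FLAG or key is None:
        body = wire_body
    else:
        body = obfuscate(wire_body, session_id, key, version, seq_no)
    header = {"version": version, "type": ptype, "seq_no": seq_no,
              "flags": flags, "session_id": session_id, "length": length}
    return header, body


# Constructed sample values (not from the manual): one login attempt for user "admin".
SAMPLE_SESSION_ID = 0x2A2A2A2A
SAMPLE_KEY = b"sce-shared-secret"
SAMPLE_BODY = build_authen_start(b"admin", b"tty0", b"192.0.2.10")


def demo():
    """What a passive observer on the management network sees with and without a key."""
    clear = build_packet(SAMPLE_BODY, SAMPLE_SESSION_ID, 1)
    keyed = build_packet(SAMPLE_BODY, SAMPLE_SESSION_ID, 1, key=SAMPLE_KEY)
    return {
        "username_visible_without_key": b"admin" in clear,
        "username_visible_with_key": b"admin" in keyed,
        "header_visible_with_key": parse_packet(keyed)[0]["session_id"] == SAMPLE_SESSION_ID,
        "wrong_key_recovers_body": parse_packet(keyed, b"wrong")[1] == SAMPLE_BODY,
        "right_key_recovers_body": parse_packet(keyed, SAMPLE_KEY)[1] == SAMPLE_BODY,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Run it and note that the session ID and sequence number are readable in both packets, so the key hides credentials but not the fact that a login is taking place or which session it belongs to.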
The TACACS+ protocol provides the following three features:
Login authentication
Privilege level authorization
Accounting

Login Authentication
The SCE platform uses the TACACS+ ASCII authentication message for CLI, Telnet, and SSH access. TACACS+ allows an arbitrary conversation to be held between the server and the user until the server has received enough information to authenticate the user. This is usually done by prompting for a username and password combination.
The login and password prompts may be provided by the TACACS+ server; if the server does not provide them, the local prompts are used.
The user's login information (username and password) is transmitted to the TACACS+ server for authentication. If the TACACS+ server indicates that the user is not authenticated, the user is prompted again for the username and password. The user is re-prompted a user-configurable number of times, after which the failed login attempt is recorded in the SCE platform user log and the Telnet session is terminated (unless the user is connected to the console port).
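As an added example (not code from the manual or from the SCE software), the following Python models the ASCII login conversation just described against a constructed stand-in for the TACACS+ server. It exchanges the GETUSER, GETPASS, PASS and FAIL reply statuses defined in RFC 8907, falls back to local prompts when the server's reply carries no prompt text, and applies the retry limit, user-log entry and session-termination rule from the text. The class and function names, the local prompt strings and the log line format are assumptions of this example.

```python
# Authentication REPLY status values from RFC 8907 section 5.2.
TAC_PLUS_AUTHEN_STATUS_PASS = 0x01
TAC_PLUS_AUTHEN_STATUS_FAIL = 0x02
TAC_PLUS_AUTHEN_STATUS_GETUSER = 0x04
TAC_PLUS_AUTHEN_STATUS_GETPASS = 0x05

# Prompts the platform prints itself when the server's REPLY has an empty server_msg
# (assumed strings, not the SCE platform's actual text).
LOCAL_PROMPTS = {
    TAC_PLUS_AUTHEN_STATUS_GETUSER: "login: ",
    TAC_PLUS_AUTHEN_STATUS_GETPASS: "password: ",
}


class FakeTacacsServer:
    """Constructed stand-in for the ACS: a user table plus a switch that decides
    whether each REPLY carries the server's own prompt text."""

    def __init__(self, users, send_prompts=True):
        self.users = users
        self.send_prompts = send_prompts

    def new_session(self):
        return _AsciiLoginSession(self)


class _AsciiLoginSession:
    """One ASCII login conversation:
    START -> GETUSER -> CONTINUE(user) -> GETPASS -> CONTINUE(password) -> PASS or FAIL."""

    def __init__(self, server):
        self.server = server
        self.user = None
        self.stage = "user"

    def _prompt(self, text):
        return text if self.server.send_prompts else ""

    def start(self):
        # An ASCII START carries no credentials yet, so the server asks for the username.
        return TAC_PLUS_AUTHEN_STATUS_GETUSER, self._prompt("Username: ")

    def cont(self, user_msg):
        if self.stage == "user":
            self.user, self.stage = user_msg, "pass"
            return TAC_PLUS_AUTHEN_STATUS_GETPASS, self._prompt("Password: ")
        self.stage = "done"
        ok = self.server.users.get(self.user) == user_msg
        return (TAC_PLUS_AUTHEN_STATUS_PASS if ok else TAC_PLUS_AUTHEN_STATUS_FAIL), ""


def cli_login(server, typed_credentials, max_attempts=3, console=False):
    """Model of the platform side of the login.

    typed_credentials: (username, password) pairs the operator enters, one per prompt round.
    max_attempts: the user-configurable number of times the platform re-prompts.
    console: True for a console-port session, which is never terminated on failure.
    Returns the outcome, the prompts shown, and the user-log entries written.
    """
    prompts, log, attempts, last_user = [], [], 0, None
    for username, password in typed_credentials[:max_attempts]:
        attempts += 1
        last_user = username
        session = server.new_session()
        status, server_msg = session.start()
        answers = {TAC_PLUS_AUTHEN_STATUS_GETUSER: username,
                   TAC_PLUS_AUTHEN_STATUS_GETPASS: password}
        # Keep answering while the server keeps asking; use its prompt if it sent one.
        while status in answers:
            prompts.append(server_msg or LOCAL_PROMPTS[status])
            status, server_msg = session.cont(answers[status])
        if status == TAC_PLUS_AUTHEN_STATUS_PASS:
            return {"authenticated": True, "attempts": attempts, "prompts": prompts,
                    "log": log, "session_terminated": False}
    # Retries exhausted: record the failure and drop the session unless it is the console.
    log.append(f"AUTH-FAIL user={last_user!r} attempts={attempts}")
    return {"authenticated": False, "attempts": attempts, "prompts": prompts,
            "log": log, "session_terminated": not console}


if __name__ == "__main__":
    acs = FakeTacacsServer({"admin": "s3cret"})
    print(cli_login(acs, [("admin", "wrong"), ("admin", "s3cret")]))
    print(cli_login(acs, [("admin", "wrong")] * 3, max_attempts=3))
    print(cli_login(acs, [("admin", "wrong")] * 3, max_attempts=3, console=True))
```

The server decides what to ask for and when it has enough; the platform only relays prompts and answers, which is why a TACACS+ server can add further questions (GETDATA in RFC 8907) without any change on the platform side.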
Cisco SCE 2000 and SCE 1000 Software Configuration Guide, OL-7827-12, Chapter 5: Configuring the Management Interface and Security, page 5-12

Topics in this section:
TACACS+ Authentication, Authorization, and Accounting, page 5-12
Login Authentication, page 5-12
Accounting, page 5-13
Privilege Level Authorization, page 5-13
General AAA Fallback and Recovery Mechanism, page 5-14
About Configuring TACACS+, page 5-14