Chapter 9 Configuring TACACS; TACACS+ Overview - Juniper JUNOSE 11.1.X - BROADBAND ACCESS CONFIGURATION GUIDE 6-4-2010 Configuration Manual

For E Series broadband services routers - broadband access

Chapter 9
Configuring TACACS+

This chapter explains how to enable and configure TACACS+ in your E Series router.
It has the following sections:
TACACS+ Overview
TACACS+ Platform Considerations
TACACS+ References
Before You Configure TACACS+
Configuring TACACS+ Support

TACACS+ Overview

With the increased use of remote access, the need for managing more network access
servers (NAS) has increased. Additionally, the need to control access on a per-user
basis has escalated, as has the need for central administration of users and passwords.
Terminal Access Controller Access Control System (TACACS) is a security protocol
that provides centralized validation of users who are attempting to gain access to a
router or NAS. TACACS+, a more recent version of the original TACACS protocol,
provides separate authentication, authorization, and accounting (AAA) services.

NOTE: TACACS+ is a completely new protocol and is not compatible with TACACS
or XTACACS.

The TACACS+ protocol provides detailed accounting information and flexible
administrative control over the authentication, authorization, and accounting process.
The protocol allows a TACACS+ client to request detailed access control and allows
the TACACS+ process to respond to each component of that request. TACACS+
uses Transmission Control Protocol (TCP) for its transport.
TACACS+ provides security by encrypting all traffic between the NAS and the process.
Encryption relies on a secret key that is known to both the client and the TACACS+
process.
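
The shared-secret encryption described above, sketched as an added example that is not part of the Juniper guide or JunosE code. It follows the body obfuscation defined for TACACS+ in RFC 8907, where an MD5-derived pad keyed by the secret is XORed over the packet body and the 12-byte header stays in cleartext; the function names, key, session ID and body are constructed for illustration.

```python
import hashlib
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01           # RFC 8907 flag: body was sent in the clear
HEADER = struct.Struct("!BBBBII")          # version, type, seq_no, flags, session_id, length


def pseudo_pad(key: bytes, session_id: int, version: int, seq_no: int, length: int) -> bytes:
    """MD5_1 = MD5(session_id | key | version | seq_no); MD5_n also appends MD5_(n-1)."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def xor_body(key: bytes, session_id: int, version: int, seq_no: int, body: bytes) -> bytes:
    """XOR with the pad; the same call obfuscates and de-obfuscates."""
    pad = pseudo_pad(key, session_id, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_packet(key: bytes, version: int, ptype: int, seq_no: int, session_id: int, body: bytes) -> bytes:
    """Client side: cleartext 12-byte header followed by the obfuscated body."""
    header = HEADER.pack(version, ptype, seq_no, 0, session_id, len(body))
    return header + xor_body(key, session_id, version, seq_no, body)


def parse_packet(key: bytes, packet: bytes) -> bytes:
    """Receiving side: validate the header, refuse cleartext bodies, recover the body."""
    version, _ptype, seq_no, flags, session_id, length = HEADER.unpack_from(packet)
    body = packet[HEADER.size:]
    if len(body) != length:
        raise ValueError("length field does not match body size")
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        raise ValueError("unencrypted TACACS+ body refused")
    return xor_body(key, session_id, version, seq_no, body)


if __name__ == "__main__":
    key = b"constructed-shared-secret"               # constructed sample key
    body = b"constructed authentication body bytes"  # constructed sample body
    pkt = build_packet(key, 0xC0, 0x01, 1, 0x1234ABCD, body)
    print("header (cleartext):", pkt[:12].hex())
    print("same key  :", parse_packet(key, pkt))
    print("wrong key :", parse_packet(b"other-secret", pkt))
```

The pad carries no integrity check, so a receiver holding a different secret recovers garbage rather than an explicit key error.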
Table 64 on page 318 describes terms that are frequently used in this chapter.