Table of Contents
Advertisement
CHAPTER 9
Configuring TACACS+
TACACS+ Overview
Copyright © 2010, Juniper Networks, Inc.
This chapter explains how to enable and configure TACACS+ in your E Series router. It
has the following sections:
TACACS+ Overview on page 311
TACACS+ Platform Considerations on page 315
TACACS+ References on page 315
Before You Configure TACACS+ on page 315
Configuring TACACS+ Support on page 316
With the increased use of remote access, the need for managing more network access
servers (NAS) has increased. Additionally, the need for control access on a per-user basis
has escalated, as has the need for central administration of users and passwords.
Terminal Access Controller Access Control System (TACACS) is a security protocol that
provides centralized validation of users who are attempting to gain access to a router or
NAS. TACACS+, a more recent version of the original TACACS protocol, provides separate
authentication, authorization, and accounting (AAA) services.
NOTE: TACACS+ is a completely new protocol and is not compatible with TACACS or
XTACACS.
The TACACS+ protocol provides detailed accounting information and flexible
administrative control over the authentication, authorization, and accounting process.
The protocol allows a TACACS+ client to request detailed access control and allows the
TACACS + process to respond to each component of that request. TACACS+ uses
Transmission Control Protocol (TCP) for its transport.
TACACS+ provides security by encrypting all traffic between the NAS and the process.
Encryption relies on a secret key that is known to both the client and the TACACS+
process.
Table 64 on page 312 describes terms that are frequently used in this chapter.
311
Advertisement
Table of Contents
Troubleshooting
