Configuring Tacacs; Chapter 9 Configuring Tacacs; Tacacs+ Overview - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - BROADBAND ACCESS CONFIGURATION GUIDE 2010-10-12 Configuration Manual

CHAPTER 9

Configuring TACACS+

TACACS+ Overview

Copyright © 2010, Juniper Networks, Inc.
This chapter explains how to enable and configure TACACS+ in your E Series router. It
has the following sections:
TACACS+ Overview on page 317
TACACS+ Platform Considerations on page 321
TACACS+ References on page 321
Before You Configure TACACS+ on page 321
Configuring TACACS+ Support on page 322
With the increased use of remote access, the need for managing more network access
servers (NAS) has increased. Additionally, the need for control access on a per-user basis
has escalated, as has the need for central administration of users and passwords.
Terminal Access Controller Access Control System (TACACS) is a security protocol that
provides centralized validation of users who are attempting to gain access to a router or
NAS. TACACS+, a more recent version of the original TACACS protocol, provides separate
authentication, authorization, and accounting (AAA) services.
NOTE: TACACS+ is a completely new protocol and is not compatible with
TACACS or XTACACS.
The TACACS+ protocol provides detailed accounting information and flexible
administrative control over the authentication, authorization, and accounting process.
The protocol allows a TACACS+ client to request detailed access control and allows the
TACACS + process to respond to each component of that request. TACACS+ uses
Transmission Control Protocol (TCP) for its transport.
TACACS+ provides security by encrypting all traffic between the NAS and the process.
Encryption relies on a secret key that is known to both the client and the TACACS+
process.
Table 64 on page 318 describes terms that are frequently used in this chapter.
317