How TACACS+ Differs From TACACS; TACACS and TACACS+ Authentication, Authorization, and Accounting - Dell PowerConnect B-RX Configuration Manual

BigIron RX Series Configuration Guide v02.8.00

How TACACS+ differs from TACACS

TACACS is a simple UDP-based access control protocol originally developed by BBN for MILNET.
TACACS+ is an enhancement to the TACACS security protocol and uses TCP to ensure reliable
delivery. TACACS+ improves on TACACS by separating the functions of authentication,
authorization, and accounting (AAA) and by encrypting all traffic between the device and the
TACACS+ server. TACACS+ allows authentication exchanges of arbitrary length and content, so
any authentication mechanism can be used with the device. TACACS+ is extensible to provide for
site customization and future development features. The protocol allows the device to request
very precise access control and allows the TACACS+ server to respond to each component of that
request.
NOTE
TACACS+ provides for authentication, authorization, and accounting, but an implementation or
configuration is not required to employ all three.
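
Added example (not from the Brocade guide): a minimal reader for the TACACS+ packet format as standardized in RFC 8907, showing that the 12-byte header, including the packet type that separates authentication, authorization, and accounting, is readable without the shared key, while the body is protected by an MD5-derived pad keyed with that secret. The key, session ID, and body below are constructed sample values.

```python
import hashlib
import struct

# Packet types from the TACACS+ header (RFC 8907): one protocol, three separate functions.
TYPES = {1: "authentication", 2: "authorization", 3: "accounting"}
UNENCRYPTED_FLAG = 0x01  # TAC_PLUS_UNENCRYPTED_FLAG: body sent in clear
HEADER = struct.Struct("!BBBB4sI")  # version, type, seq_no, flags, session_id, length


def pseudo_pad(session_id: bytes, key: bytes, version: int, seq_no: int, n: int) -> bytes:
    """MD5 chain from RFC 8907: each block hashes the seed plus the previous block."""
    seed = session_id + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < n:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:n]


def build_packet(ptype: int, seq_no: int, session_id: bytes, body: bytes,
                 key: bytes, version: int = 0xC0) -> bytes:
    """Obfuscate the body with the shared key and prepend the cleartext header."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    hidden = bytes(a ^ b for a, b in zip(body, pad))
    return HEADER.pack(version, ptype, seq_no, 0, session_id, len(body)) + hidden


def parse_packet(packet: bytes, key: bytes) -> dict:
    """Read the header (no key needed) and recover the body (key needed)."""
    if len(packet) < HEADER.size:
        raise ValueError("shorter than the 12-byte TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(packet)
    body = packet[HEADER.size:]
    if len(body) != length:
        raise ValueError("length field does not match body size")
    if not flags & UNENCRYPTED_FLAG:
        pad = pseudo_pad(session_id, key, version, seq_no, length)
        body = bytes(a ^ b for a, b in zip(body, pad))
    return {"type": TYPES.get(ptype, "unknown"), "seq_no": seq_no,
            "session_id": session_id.hex(), "body": body}


if __name__ == "__main__":
    # Constructed sample values, not taken from any real device or capture.
    pkt = build_packet(2, 1, bytes.fromhex("0a1b2c3d"),
                       b"constructed authorization body", b"lab-secret")
    print(parse_packet(pkt, b"lab-secret"))
    print(parse_packet(pkt, b"wrong-key")["type"])  # header is still readable
```

Because body confidentiality rests entirely on the shared secret, treat the key configured on the device and server as a credential and keep TACACS+ traffic on a trusted management network.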

TACACS and TACACS+ authentication, authorization, and accounting

When you configure a device to use a TACACS or TACACS+ server for authentication, the device
prompts users who are trying to access the CLI for a user name and password, then verifies the
password with the TACACS or TACACS+ server.
If you are using TACACS+, Brocade recommends that you also configure authorization, in which the
device consults a TACACS+ server to determine which management privilege level (and which
associated set of commands) an authenticated user is allowed to use. You can also optionally
configure accounting, which causes the device to log information on the TACACS+ server when
specified events occur on the device.
NOTE
By default, a user logging into the device through Telnet or SSH would first enter the User EXEC level.
The user can enter the enable command to get to the Privileged EXEC level.
A user that is successfully authenticated can be automatically placed at the Privileged EXEC level
after login. Refer to "Entering privileged EXEC mode after a Telnet or SSH login" on page 91.

TACACS authentication

NOTE
Also, multiple challenges are supported for TACACS+ login authentication.

When TACACS authentication takes place, the following events occur.
1. A user attempts to gain access to the device by doing one of the following:
   - Logging into the device using Telnet, SSH, or the Web management interface
   - Entering the Privileged EXEC level or CONFIG level of the CLI
2. The user is prompted for a username and password.
3. The user enters a username and password.

BigIron RX Series Configuration Guide
53-1002253-01
