Configuring And Enabling Tacacs - Allen-Bradley Stratix 5100 User Manual

Configuring and Enabling
TACACS+
Table 103 - Attributes Sent in Accounting-Request (stop) Packets (Continued)
Attribute ID
VSA (attribute 26)
VSA (attribute 26)
VSA (attribute 26)
VSA (attribute 26)
VSA (attribute 26)
VSA (attribute 26)
VSA (attribute 26)
By default, the access point sends reauthentication requests to the authentication
server with the service-type attribute set to authenticate-only. However, some
Microsoft IAS servers don't support the authenticate-only service-type attribute.
Depending on the user requirements, set the service-type attribute to:
dot11 aaa authentication attributes service-type
login-user
or
dot11 aaa authentication attributes service-type
.
framed-user
By default the service type "login" is sent in the access request.
TACACS+ is a security application that provides centralized validation of users
attempting to gain access to your access point. Unlike RADIUS, TACACS+
does not authenticate client devices associated to the access point.
TACACS+ services are maintained in a database on a TACACS+ daemon
typically running on a UNIX or pages NT workstation. Access and configure a
TACACS+ server before configuring TACACS+ features on your access point.
TACACS+ provides for separate and modular authentication, authorization, and
accounting facilities. TACACS+ lets a single access control server (the
TACACS+ daemon) to provide each service; authentication, authorization, and
accounting—independently. Each service can be tied into its own database to
take advantage of other services available on that server or on the network,
depending on the capabilities of the daemon.
TACACS+, administered through the AAA security services, can provide these
services:
Rockwell Automation Publication 1783-UM006A-EN-P - May 2014
Configuring RADIUS and TACACS+ Servers
Description
NAS-Location
Disc-Cause-Ext
VLAN-ID
Connect-Progress
Cisco-NAS-Port
Interface
Auth-Algo-Type
Chapter 14
431