TACACS+ Server Configuration – Nortel Networks ALTEON OS BMD00007 User Manual


Alteon OS Command Reference

The Configuration Menu


BMD00007, November 2007

/cfg/sys/tacacs+

TACACS+ Server Configuration

TACACS (Terminal Access Controller Access Control System) is an authentication protocol
that allows a remote access server to forward a user's logon password to an authentication
server to determine whether access can be allowed to a given system. TACACS is an
encryption protocol, and therefore less secure than TACACS+ and Remote Authentication
Dial-In User Service (RADIUS) protocols. (Both TACACS and TACACS+ are described in
RFC 1492.)

TACACS+ protocol is more reliable than RADIUS, as TACACS+ uses the Transmission
Control Protocol (TCP) whereas RADIUS uses the User Datagram Protocol (UDP). Also,
RADIUS combines authentication and authorization in a user profile, whereas TACACS+
separates the two operations.

TACACS+ offers the following advantages over RADIUS as the authentication device:

- TACACS+ is TCP-based, so it facilitates connection-oriented traffic.

- It supports full-packet encryption, as opposed to password-only in authentication requests.

- It supports de-coupled authentication, authorization, and accounting.
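To make the packet-encryption point concrete, the following added example (not part of the manual or of Alteon OS) implements the TACACS+ body obfuscation as the protocol specification (RFC 8907, section 4.5) defines it: an MD5-derived pad keyed by the shared secret, which is the value the `secret` and `secret2` menu items set. The secret, session ID and body are constructed sample values, and `build_packet` is a hypothetical helper.

```python
import hashlib
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01
HEADER = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, length


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """MD5 chain from RFC 8907 section 4.5, truncated to the body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        # First block hashes the seed alone; later blocks append the previous hash.
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def obfuscate(packet: bytes, key: bytes) -> bytes:
    """XOR the body with the pad; the same call reverses it. The header is untouched."""
    version, _ptype, seq_no, flags, session_id, length = HEADER.unpack_from(packet)
    body = packet[HEADER.size:]
    if length != len(body):
        raise ValueError("header length field does not match body size")
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        return packet  # sender marked the body as cleartext; nothing to do
    pad = pseudo_pad(session_id, key, version, seq_no, length)
    return packet[:HEADER.size] + bytes(b ^ p for b, p in zip(body, pad))


def build_packet(session_id: int, seq_no: int, body: bytes, flags: int = 0) -> bytes:
    """Hypothetical helper: version 0xC0 (major 12, minor 0), type 0x01 (authentication)."""
    return HEADER.pack(0xC0, 0x01, seq_no, flags, session_id, len(body)) + body


# Constructed sample values, not taken from the manual
SECRET = b"example-shared-secret"
CLEAR = build_packet(0x1A2B3C4D, 1, b"constructed body: user=admin pass=Example123")
WIRE = obfuscate(CLEAR, SECRET)

if __name__ == "__main__":
    print("header on the wire :", WIRE[:12].hex())
    print("body on the wire   :", WIRE[12:].hex())
    print("right secret       :", obfuscate(WIRE, SECRET)[12:])
    print("wrong secret       :", obfuscate(WIRE, b"other")[12:])
```

The 12-byte header, including the session ID and body length, stays readable on the wire; only the body is covered, and its protection rests entirely on the strength and secrecy of the shared secret.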

[TACACS+ Server Menu]

prisrv - Set IP address of primary TACACS+ server

secsrv - Set IP address of secondary TACACS+ server

secret - Set secret for primary TACACS+ server

secret2 - Set secret for secondary TACACS+ server

port - Set TACACS+ port number

retries - Set number of TACACS+ server retries

timeout - Set timeout value of TACACS+ server retries

telnet - Enable/disable TACACS+ backdoor for telnet/ssh/http

secbd - Enable/disable TACACS+ secure backdoor for telnet/ssh/http

cmap - Enable/disable TACACS+ new privilege level mapping

passch - Enable/disable TACACS+ password change

chpass_p - Set new password for primary server

chpass_s - Set new password for secondary server

cauth - Enable/disable TACACS+ command authorization

clog - Enable/disable TACACS+ command logging

on - Enable TACACS+ authentication

off - Disable TACACS+ authentication

cur - Display current TACACS+ settings
