Chapter 55 tacacs+ configuration, 1 introduction to tacacs, 2 tacacs+ configuration task list – PLANET XGS3-24042 User Manual

55-1

Chapter 55 TACACS+ Configuration

55.1 Introduction to TACACS+

TACACS+ terminal access controller access control protocol is a protocol similar to the radius protocol for

control the terminal access to the network. Three independent functions of Authentication, Authorization,

Accounting are also available in this protocol. Compared with RADIUS, the transmission layer of TACACS+

protocol is adopted with TCP protocol, further with the packet head ( except for standard packet head)

encryption, this protocol is of a more reliable transmission and encryption characteristics, and is more

adapted to security control.

According to the characteristics of the TACACS+ (Version 1.78), we provide TACACS+ authentication function

on the switch, when the user logs, such as telnet, the authentication of user name and password can be

carried out with TACACS+.

55.2 TACACS+ Configuration Task List

1.

Configure the TACACS+ authentication key

2.

Configure the TACACS+ server

3.

Configure the TACACS+ authentication timeout time

4.

Configure the IP address of the RADIUS NAS

1. Configure the TACACS+ authentication key

Command

Explanation

Global Mode

tacacs-server key <string>

no tacacs-server key

Configure the TACACS+ server key; the

“no tacacs-server key” command deletes

the key.

2. Configure TACACS+ server

Command

Explanation

Global Mode

tacacs-server authentication host

<IPaddress> [[port {<portNum>}]

[timeout <seconds>] [key <string>]

[primary]]

no tacacs-server authentication host

<IPaddress>

Configure the IP address, listening port

number, the value of timeout timer and the

key string of the TACACS+ server; the no

form of this command deletes the

TACACS+ authentication server.