TACACS+ server configuration
TACACS+ (Terminal Access Controller Access Control System) is an authentication protocol that allows a remote access server to forward a user's logon password to an authentication server to determine whether access can be allowed to a given system. TACACS+ and Remote Authentication
The TACACS+ protocol is more reliable than RADIUS because TACACS+ uses the Transmission Control Protocol (TCP), whereas RADIUS uses the User Datagram Protocol (UDP). In addition, RADIUS combines authentication and authorization in a user profile, whereas TACACS+ separates the two operations.
TACACS+ offers the following advantages over RADIUS as the authentication device:
•TACACS+ is
•It supports
•It supports decoupled authentication, authorization, and accounting.
The following table describes the TACACS+ Server Configuration commands.
Table 59 TACACS+ Server Configuration commands
Command | Description |
[no] | Defines the primary TACACS+ server address. |
| Command mode: Global configuration |
[no] | Defines the primary or secondary shared secret between the switch and the TACACS+ server(s). |
| Command mode: Global configuration |
| Enter the number of the TCP port to be configured, between 1 - 65000. The default is 49. |
| Command mode: Global configuration |
| Sets the number of failed authentication requests before switching to a different TACACS+ server. The range is requests. The default is 3 requests. |
| Command mode: Global configuration |
| Sets the amount of time, in seconds, before a TACACS+ server authentication attempt is considered to have failed. The range is |
| Command mode: Global configuration |
[no] | Enables or disables the TACACS+ back door for telnet. The telnet command also applies to SSH/SCP connections and the apply when secure backdoor (secbd) is enabled. |
| Command mode: Global configuration |
[no] | Enables or disables the TACACS+ back door using secure password for telnet/SSH/HTTP/HTTPS. This command does not apply when backdoor (telnet) is enabled. |
| Command mode: Global configuration |
[no] | Enables or disables TACACS+ The default value is disabled. |
| Command mode: Global configuration |
| Maps a TACACS+ authorization level to this switch user level. Enter a TACACS+ privilege level |
| Command mode: Global configuration |
| Enables the TACACS+ server. |
| Command mode: Global configuration |
no | Disables the TACACS+ server. |
| Command mode: Global configuration |
show | Displays current TACACS+ configuration parameters. |
| Command mode: All |