Alteon OS Command Reference

/cfg/sys/tacacs+

TACACS+ Server Configuration

TACACS (Terminal Access Controller Access Control System) is an authentication protocol that allows a remote access server to forward a user's logon password to an authentication server to determine whether access can be allowed to a given system. TACACS is not an encryption protocol, and is therefore less secure than the TACACS+ and Remote Authentication Dial-In User Service (RADIUS) protocols. (Both TACACS and TACACS+ are described in RFC 1492.)

The TACACS+ protocol is more reliable than RADIUS, as TACACS+ uses the Transmission Control Protocol (TCP) whereas RADIUS uses the User Datagram Protocol (UDP). Also, RADIUS combines authentication and authorization in a user profile, whereas TACACS+ separates the two operations.

TACACS+ offers the following advantages over RADIUS as the authentication device:

- TACACS+ is TCP-based, so it facilitates connection-oriented traffic.

- It supports full-packet encryption, as opposed to password-only in authentication requests.

- It supports de-coupled authentication, authorization, and accounting.
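
The difference between full-packet and password-only protection, shown as an added example that is not part of the original manual: it applies the MD5-based body obfuscation defined for TACACS+ and the User-Password hiding defined for RADIUS to the same credentials. The secret, user name, password, session ID, authenticator and body layout are constructed sample values, and the body is a stand-in, not a real TACACS+ authentication packet layout.

```python
import hashlib
import struct

def tacacs_pad(session_id, key, version, seq_no, length):
    """MD5 pseudo-pad seeded by session_id, shared secret, version, seq_no."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()  # each block chains the previous one
        pad += block
    return pad[:length]

def tacacs_crypt(body, session_id, key, version=0xC0, seq_no=1):
    """XOR the entire packet body with the pad; applying it twice restores the body."""
    pad = tacacs_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def radius_hide_password(password, secret, authenticator):
    """RADIUS User-Password hiding: only this attribute's value is masked."""
    size = max(16, len(password) + (-len(password) % 16))
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out += prev
    return out

def radius_attrs(user, password, secret, authenticator):
    """Access-Request attributes: User-Name (type 1) in clear, User-Password (type 2) hidden."""
    hidden = radius_hide_password(password, secret, authenticator)
    return bytes([1, len(user) + 2]) + user + bytes([2, len(hidden) + 2]) + hidden

# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
USER, PASSWORD = b"admin", b"example-pw"
SESSION_ID = 0x1A2B3C4D
AUTHENTICATOR = bytes(range(16))
BODY = b"user=" + USER + b";pass=" + PASSWORD  # stand-in for a TACACS+ packet body

if __name__ == "__main__":
    wire_tacacs = tacacs_crypt(BODY, SESSION_ID, SECRET)
    wire_radius = radius_attrs(USER, PASSWORD, SECRET, AUTHENTICATOR)
    print("TACACS+ body on the wire:", wire_tacacs.hex())
    print("user name visible in TACACS+ body:", USER in wire_tacacs)
    print("RADIUS attributes on the wire:", wire_radius.hex())
    print("user name visible in RADIUS attributes:", USER in wire_radius)
```

Both schemes depend entirely on the shared secret configured with the secret and secret2 commands.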

[TACACS+ Server Menu]
     prisrv   - Set IP address of primary TACACS+ server
     secsrv   - Set IP address of secondary TACACS+ server
     secret   - Set secret for primary TACACS+ server
     secret2  - Set secret for secondary TACACS+ server
     port     - Set TACACS+ port number
     retries  - Set number of TACACS+ server retries
     timeout  - Set timeout value of TACACS+ server retries
     telnet   - Enable/disable TACACS+ backdoor for telnet/ssh/http
     secbd    - Enable/disable TACACS+ secure backdoor for telnet/ssh/http
     cmap     - Enable/disable TACACS+ new privilege level mapping
     passch   - Enable/disable TACACS+ password change
     chpass_p - Set new password for primary server
     chpass_s - Set new password for secondary server
     cauth    - Enable/disable TACACS+ command authorization
     clog     - Enable/disable TACACS+ command logging
     on       - Enable TACACS+ authentication
     off      - Disable TACACS+ authentication
     cur      - Display current TACACS+ settings

BMD00007, November 2007

Nortel Networks BMD00007 manual Cfg/sys/tacacs+, TACACS+ Server Configuration