Technical data
BLADEOS 6.3 Command Reference
Chapter 4: Configuration Commands BMD00186-B, April 2010
TACACS+ Server Configuration
TACACS (Terminal Access Controller Access Control System) is an authentication protocol that
allows a remote access server to forward a user's logon password to an authentication server to
determine whether access can be allowed to a given system. TACACS is not an encryption protocol,
and is therefore less secure than the TACACS+ and Remote Authentication Dial-In User Service
(RADIUS) protocols. (TACACS is described in RFC 1492.)

The TACACS+ protocol is more reliable than RADIUS, as TACACS+ uses the Transmission Control
Protocol (TCP) whereas RADIUS uses the User Datagram Protocol (UDP). Also, RADIUS
combines authentication and authorization in a user profile, whereas TACACS+ separates the two
operations.
TACACS+ offers the following advantages over RADIUS as the authentication device:
• TACACS+ is TCP-based, so it facilitates connection-oriented traffic.
• It supports full-packet encryption, as opposed to password-only in authentication requests.
• It supports de-coupled authentication, authorization, and accounting.
Table 110 TACACS+ Server Commands

Command Syntax and Usage

[no] tacacs-server primary-host <IP address>
    Defines the primary TACACS+ server address.
    Command mode: Global configuration

[no] tacacs-server secondary-host <IP address>
    Defines the secondary TACACS+ server address.
    Command mode: Global configuration

[no] tacacs-server primary-host <IP address> key <1-32 characters>
    This is the primary shared secret between the switch and the TACACS+ server(s).
    Command mode: Global configuration

[no] tacacs-server secondary-host <IP address> key <1-32 characters>
    This is the secondary shared secret between the switch and the TACACS+ server(s).
    Command mode: Global configuration
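
The following pre-deployment check is an added example, not part of the BLADEOS reference. It audits a configuration snippet written in the Table 110 syntax for missing servers, missing or short shared secrets, and a secondary host that duplicates the primary. Assumptions: the function name audit, the 16-character policy floor, the treatment of "no" lines, and that a "key" line also names its host; the sample addresses and key are constructed.

```python
import ipaddress
import re

# Table 110 syntax: [no] tacacs-server {primary|secondary}-host <IP> [key <secret>]
LINE = re.compile(
    r"^(no\s+)?tacacs-server\s+(primary|secondary)-host\s+(\S+)(?:\s+key\s+(\S+))?$")
MIN_KEY_LEN = 16  # assumption: local policy floor; the switch accepts 1-32 characters

# Constructed sample input (documentation addresses, made-up key).
SAMPLE = """\
tacacs-server primary-host 192.0.2.10
tacacs-server primary-host 192.0.2.10 key s3cret
tacacs-server secondary-host 192.0.2.10
"""

def audit(config_text):
    """Return findings for the TACACS+ lines of a config; never echoes a key."""
    hosts, keys, findings = {}, {}, []
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a TACACS+ server line
        negated, role, addr, key = m.groups()
        if negated:  # assumption: a "no" line clears that role's host and key
            hosts.pop(role, None)
            keys.pop(role, None)
            continue
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            findings.append(f"{role}: invalid IP address {addr!r}")
            continue
        hosts[role] = addr
        if key is not None:
            keys[role] = key
            if len(key) > 32:
                findings.append(f"{role}: key longer than 32 characters")
    for role in ("primary", "secondary"):
        if role not in hosts:
            findings.append(f"{role}: no server defined")
        elif role not in keys:
            findings.append(f"{role}: no shared secret set")
        elif len(keys[role]) < MIN_KEY_LEN:
            findings.append(f"{role}: shared secret shorter than {MIN_KEY_LEN} characters")
    if "primary" in hosts and hosts["primary"] == hosts.get("secondary"):
        findings.append("secondary: same address as primary, no redundancy")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Findings name only the role and the problem, so the output can be logged without exposing the shared secret.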