RackSwitch G8000 ISCLI Reference
Chapter 4: Configuration Commands
107BMD00128, September 2009
TACACS+ Server Configuration
TACACS (Terminal Access Controller Access Control System) is an authentication protocol
that allows a remote access server to forward a user's logon password to an authentication
server to determine whether access can be allowed to a given system. TACACS is an
encryption protocol, and therefore less secure than TACACS+ and Remote Authentication
Dial-In User Service (RADIUS) protocols. (Both TACACS and TACACS+ are described in
RFC 1492.)
The TACACS+ protocol is more reliable than RADIUS, as TACACS+ uses the Transmission
Control Protocol (TCP) whereas RADIUS uses the User Datagram Protocol (UDP). Also,
RADIUS combines authentication and authorization in a user profile, whereas TACACS+
separates the two operations.
TACACS+ offers the following advantages over RADIUS as the authentication device:
TACACS+ is TCP-based, so it facilitates connection-oriented traffic.
It supports full-packet encryption, as opposed to password-only in authentication requests.
It supports de-coupled authentication, authorization, and accounting.
Table 4-5 RADIUS Configuration Commands
Command Syntax and Usage

[no] radius-server backdoor
    Enables or disables the RADIUS backdoor for Telnet/SSH/HTTP/HTTPS.
    The default value is disabled.
    To obtain the RADIUS backdoor password, contact your Service and Support line.
    Command mode: Global configuration

[no] radius-server secure-backdoor
    Enables or disables RADIUS secure back door access through Telnet/SSH only when the RADIUS
    servers cannot be reached. This feature is recommended to permit access to the switch when the
    RADIUS servers are not available.
    The default setting is enabled.
    Command mode: Global configuration

show radius-server
    Displays the current RADIUS server parameters.
    Command mode: All