RackSwitch G8124 Command Reference
Chapter 4: Configuration Commands
113BMD00076, January 2009
TACACS+ Server Configuration
TACACS (Terminal Access Controller Access Control System) is an authentication protocol
that allows a remote access server to forward a user's logon password to an authentication
server to determine whether access can be allowed to a given system. TACACS is not an
encryption protocol, and is therefore less secure than the TACACS+ and Remote Authentication
Dial-In User Service (RADIUS) protocols. (Both TACACS and TACACS+ are described in RFC 1492.)
The TACACS+ protocol is more reliable than RADIUS, as TACACS+ uses the Transmission
Control Protocol (TCP) whereas RADIUS uses the User Datagram Protocol (UDP). Also,
RADIUS combines authentication and authorization in a user profile, whereas TACACS+
separates the two operations.
TACACS+ offers the following advantages over RADIUS as the authentication device:
TACACS+ is TCP-based, so it facilitates connection-oriented traffic.
It supports full-packet encryption, as opposed to password-only in authentication requests.
It supports de-coupled authentication, authorization, and accounting.
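The difference between full-packet and password-only protection can be seen by building both kinds of request. The following is an added example, not part of the command reference or the switch software: it applies the TACACS+ body transform from RFC 8907 and the RADIUS User-Password hiding from RFC 2865 to constructed sample values (user name, password, shared secret, session ID and authenticator are all made up, as are the function names).

```python
import hashlib
import struct

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))  # zip stops at the shorter input

def tacacs_plus_crypt(body, session_id, key, version, seq_no):
    """XOR the whole TACACS+ body with the MD5 pad; calling it again reverses it.
    The 12-byte TACACS+ header is not covered and travels in the clear."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < len(body):
        prev = hashlib.md5(seed + prev).digest()  # MD5_n chains over MD5_(n-1)
        pad += prev
    return _xor(body, pad)

def radius_hide_password(password, secret, authenticator):
    """Hide only the User-Password value, 16 bytes at a time."""
    padded = password.ljust(((len(password) + 15) // 16 or 1) * 16, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def radius_reveal_password(hidden, secret, authenticator):
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

# Constructed sample values, not taken from any real deployment.
USER, PASSWORD, SECRET = b"admin", b"Sw1tch-Passw0rd!", b"shared-secret"
AUTHENTICATOR = bytes(range(16))  # real requests use 16 random bytes
SESSION_ID = 0x1A2B3C4D

def radius_on_the_wire():
    """Attributes of an Access-Request: User-Name (1) clear, User-Password (2) hidden."""
    attr = lambda t, v: bytes([t, len(v) + 2]) + v
    return attr(1, USER) + attr(2, radius_hide_password(PASSWORD, SECRET, AUTHENTICATOR))

def tacacs_plus_on_the_wire():
    """PAP authentication START body (login, priv 1, PAP, login service), then transformed."""
    port, rem_addr = b"tty0", b"192.0.2.10"
    body = bytes([1, 1, 2, 1, len(USER), len(port), len(rem_addr), len(PASSWORD)])
    body += USER + port + rem_addr + PASSWORD
    return body, tacacs_plus_crypt(body, SESSION_ID, SECRET, 0xC1, 1)
```

In the RADIUS attributes the user name is readable and only the password value is hidden; in the TACACS+ body the user name, port, remote address and password are all covered by the pad.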
Table 4-5 RADIUS Configuration Commands

Command Syntax and Usage

radius-server port <1500-3000>
    Sets RADIUS port number.
    Command mode: Global configuration

[no] radius-server secure-backdoor
    Enables or disables RADIUS secure back door access through Telnet/SSH only when the RADIUS
    servers cannot be reached. This feature is recommended to permit access to the switch when the
    RADIUS servers are not available.
    The default setting is enabled.
    Command mode: Global configuration

show radius-server
    Displays the current RADIUS server parameters.
    Command mode: All