User's Manual
Table Of Contents
- Contents
- Preface
- The Command Line Interface
- First-Time Configuration
- Using the Setup Utility
- Setting Passwords
- Menu Basics
- The Information Menu
- Information Menu
- System Information
- Layer 2 Information
- Layer 3 Information
- IP Routing Information
- ARP Information
- BGP Information
- BGP Peer information
- BGP Summary information
- OSPF Information
- Routing Information Protocol Information
- IP Information
- IGMP Multicast Group Information
- IGMP Group Information
- IGMP Multicast Router Port Information
- IGMP Mrouter Information
- VRRP Information
- Quality of Service Information
- 802.1p Information
- Access Control List Information
- Link Status Information
- Port Information
- Logical Port to GEA Port Mapping
- Fiber Port SFP Status
- Information Dump
- The Statistics Menu
- The Configuration Menu
- Configuration Menu
- Viewing, Applying, and Saving Changes
- System Configuration
- Port Configuration
- Layer 2 Configuration
- 802.1x Configuration
- Rapid Spanning Tree Protocol/ Multiple Spanning Tree Protocol Configuration
- Common Internal Spanning Tree Configuration
- Spanning Tree Configuration
- GVRP Configuration
- GVRP Port Configuration
- Trunk Configuration
- IP Trunk Hash Configuration
- LACP Configuration
- Layer 2 Failover Configuration
- VLAN Configuration
- Protocol-based VLAN Configuration
- Private VLAN Configuration
- Layer 3 Configuration
- IP Interface Configuration
- Default Gateway Configuration
- IP Static Route Configuration
- IP Multicast Route Configuration
- ARP Configuration
- IP Forwarding Configuration
- Network Filter Configuration
- Routing Map Configuration
- Routing Information Protocol Configuration
- Open Shortest Path First Configuration
- Border Gateway Protocol Configuration
- IGMP Configuration
- Domain Name System Configuration
- Bootstrap Protocol Relay Configuration
- VRRP Configuration
- Quality of Service Configuration
- Access Control List Configuration
- Port Mirroring Configuration
- Setup
- Dump
- Saving the Active Switch Configuration
- Restoring the Active Switch Configuration
- The Operations Menu
- The Boot Options Menu
- The Maintenance Menu
- Alteon OS Syslog Messages
- Alteon OS SNMP Agent
- Glossary
- Index
Alteon OS Command Reference
182
The Configuration Menu 43W7774, May 2007
/cfg/sys/tacacs+
TACACS+ Server Configuration
TACACS (Terminal Access Controller Access Control system) is an authentication protocol
that allows a remote access server to forward a user's logon password to an authentication
server to determine whether access can be allowed to a given system. TACACS is an
encryption protocol, and therefore less secure than TACACS+ and Remote Authentication
Dial-In User Service (RADIUS) protocols. (Both TACACS and TACACS+ are described in
RFC 1492.)
TACACS+ protocol is more reliable than RADIUS, as TACACS+ uses the Transmission Con-
trol Protocol (TCP) whereas RADIUS uses the User Datagram Protocol (UDP). Also,
RADIUS combines authentication and authorization in a user profile, whereas TACACS+
separates the two operations.
TACACS+ offers the following advantages over RADIUS as the authentication device:
TACACS+ is TCP-based, so it facilitates connection-oriented traffic.
It supports full-packet encryption, as opposed to password-only in authentication requests.
It supports de-coupled authentication, authorization, and accounting.
[TACACS+ Server Menu]
prisrv - Set IP address of primary TACACS+ server
secsrv - Set IP address of secondary TACACS+ server
secret - Set secret for primary TACACS+ server
secret2 - Set secret for secondary TACACS+ server
port - Set TACACS+ port number
retries - Set number of TACACS+ server retries
timeout - Set timeout value of TACACS+ server retries
telnet - Enable/disable TACACS+ backdoor for telnet/ssh/http
secbd - Enable/disable TACACS+ secure backdoor for telnet/
ssh/http
cmap - Enable/disable TACACS+ new privilege level mapping
passch - Enable/disable TACACS+ password change
chpass_p - Set new password for primary server
chpass_s - Set new password for secondary server
cauth - Enable/disable TACACS+ command authorization
clog - Enable/disable TACACS+ command logging
on - Enable TACACS+ authentication
off - Disable TACACS+ authentication
cur - Display current TACACS+ settings