User's Manual
Chapter 10 TACACS+ Configuration
10.1 TACACS+ Overview
As an access security control protocol, TACACS+ provides centralized verification of users who request access rights on the network access server. The security of the communication is guaranteed because the information exchanged between the network access server and the TACACS+ service program is encrypted.
Before the TACACS+ features configured on the network access server can be used, a TACACS+ server must be accessible and configured. TACACS+ provides independent, modular authentication, authorization and accounting services.
Authentication—supports multiple authentication methods (ASCII, PAP, CHAP, etc.) and can conduct an arbitrary dialog with the user (for example, asking challenge questions such as home address, service type or ID number after the login username and password have been supplied). The TACACS+ authentication service can also send messages to the user's screen, such as a notice that the password must be changed because of the company's password aging policy.
Authorization—provides detailed control over what a user may do during a session, including automatic commands, access control, session duration, etc. It can also restrict the commands that a user may execute.
Accounting—collects and sends the information used for billing, auditing, or reporting on the usage of network resources. Network managers can use accounting to track user activity for security auditing or to provide information for user billing. The accounting function records user authentication, start and stop times, executed commands, the number of packets and the number of bytes, etc.
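What the encryption mentioned in the overview covers on the wire, as an added example that is not part of this manual or the device's own code: RFC 8907 protects only the packet body, by XORing it with an MD5-derived pad keyed by the shared secret, while the 12-byte header (including a flag that marks an unprotected body) stays in cleartext. The key, session id and body below are constructed sample values.

```python
import hashlib
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01   # header flag: body is NOT obfuscated
HEADER = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, length

def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5_1 = MD5(session_id, key, version, seq_no); MD5_n appends MD5_(n-1)."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]

def xor_body(body, session_id, key, version, seq_no):
    """XOR with the pad; the same call obfuscates and de-obfuscates."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def build_packet(pkt_type, seq_no, session_id, body, key, version=0xC0):
    """An empty key models a device configured without a shared secret."""
    flags = 0 if key else TAC_PLUS_UNENCRYPTED_FLAG
    data = xor_body(body, session_id, key, version, seq_no) if key else body
    return HEADER.pack(version, pkt_type, seq_no, flags, session_id, len(data)) + data

def parse_packet(packet, key):
    """Return header fields plus the recovered body; report cleartext bodies."""
    version, pkt_type, seq_no, flags, session_id, length = HEADER.unpack_from(packet)
    data = packet[HEADER.size:]
    if len(data) != length:
        raise ValueError("length field does not match body size")
    cleartext = bool(flags & TAC_PLUS_UNENCRYPTED_FLAG)
    body = data if cleartext else xor_body(data, session_id, key, version, seq_no)
    return {"type": pkt_type, "seq_no": seq_no, "session_id": session_id,
            "cleartext": cleartext, "body": body}

# Constructed sample values (not from the manual): key, session id, opaque body.
KEY = b"example-shared-secret"
SESSION_ID = 0x1234ABCD
BODY = b"constructed authentication body: user=alice"

if __name__ == "__main__":
    pkt = build_packet(0x01, 1, SESSION_ID, BODY, KEY)
    print("header (always cleartext):", pkt[:12].hex())
    print("body on the wire         :", pkt[12:].hex())
    print("recovered with right key :", parse_packet(pkt, KEY)["body"])
    print("recovered with wrong key :", parse_packet(pkt, b"wrong")["body"])
    bare = build_packet(0x01, 1, SESSION_ID, BODY, b"")
    print("no key, flagged cleartext:", parse_packet(bare, KEY)["cleartext"])
```

A mismatched key on either side does not produce an error at this layer, only an unreadable body, and a packet with the unencrypted flag set carries its body in the clear.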
10.1.1 The Operation of TACACS+ Protocol