User's Manual
Authentication with PAP and CHAP
PAP login is similar to ASCII login. The difference is that the username and password reach the network access server in the PAP message instead of being entered by the user, so the user is not prompted for them.
CHAP login is similar in its main parts. After authentication, the user enters the authorization stage if the network access server requires authorization for that user. TACACS+ authentication must be finished before TACACS+ authorization is handled.
If TACACS+ authorization needs to be processed, the network access server contacts the TACACS+ server program again, which returns an authorization response of ACCEPT or REJECT. An ACCEPT response might include attribute-value (AV) data, which is used for specifying the user’s EXEC or NETWORK session and confirming the services the user can access.
10.2 TACACS+ Configuration Process
To configure TACACS+ support, the following tasks must be performed:
Use the tacacs-server command to assign one or more IP addresses of TACACS+ servers. Use the tacacs key command to assign the encrypted secret key for all information exchanged between the network access server and the TACACS+ server. The same secret key has to be configured in the TACACS+ server program.
Use the global configuration command aaa authentication to define the method table which uses TACACS+ for authentication. For more information about the aaa authentication command, refer to “Authentication Configuration”.
Use the line and interface commands to apply the defined method table to interfaces or lines. For more information, refer to “Authentication Configuration”.
10.3 TACACS+ Configuration Task List
Assigning the TACACS+ server
Setting up the TACACS+ encrypted secret key
Specifying TACACS+ for authentication
Specifying TACACS+ for authorization
Specifying TACACS+ for accounting
10.4 TACACS+ Configuration Task
10.4.1 Assigning TACACS+ Server
The tacacs-server command assigns the IP address of a TACACS+ server. Because TACACS+ searches hosts in the order in which they are configured, this is useful when servers are configured with different priorities. To assign a TACACS+ host, use the following command in global configuration mode:
Command: tacacs-server host ip-address [single-connection | multi-connection] [port integer] [timeout integer] [key string]
Purpose: To assign the IP address of the TACACS+ server and related features.
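An added example (not from the manual): a short Python audit of tacacs-server host lines that follows the syntax in the table above, listing servers in the order TACACS+ will search them and flagging duplicate hosts and hosts with no key. It assumes options appear in the order the table shows and that a global key appears as a line beginning with tacacs key; the function names, addresses and key strings are constructed for illustration.

```python
import ipaddress
MODES = ("single-connection", "multi-connection")

def parse_host(line):
    """Parse one 'tacacs-server host' line; options must follow the table's order."""
    tok = line.split()
    if len(tok) < 3 or tok[:2] != ["tacacs-server", "host"]:
        raise ValueError(f"not a tacacs-server host line: {line!r}")
    host = {"ip": str(ipaddress.ip_address(tok[2])),  # ValueError on a bad address
            "mode": None, "port": None, "timeout": None, "key": None}
    i = 3
    if i < len(tok) and tok[i] in MODES:
        host["mode"], i = tok[i], i + 1
    for name in ("port", "timeout"):
        if i < len(tok) and tok[i] == name:
            if i + 1 >= len(tok) or not tok[i + 1].isdigit():
                raise ValueError(f"{name} needs an integer: {line!r}")
            host[name], i = int(tok[i + 1]), i + 2
    if i + 1 < len(tok) and tok[i] == "key":
        host["key"], i = tok[i + 1], i + 2
    if i != len(tok):  # leftover or out-of-order option
        raise ValueError(f"unexpected token {tok[i]!r}: {line!r}")
    if host["port"] is not None and not 1 <= host["port"] <= 65535:
        raise ValueError(f"port out of range: {line!r}")
    return host

def audit(config_text):
    """Return (server IPs in configured search order, list of findings)."""
    lines = [l.strip() for l in config_text.splitlines()]
    hosts = [parse_host(l) for l in lines if l.startswith("tacacs-server host")]
    has_global_key = any(l.startswith("tacacs key ") for l in lines)  # assumed form
    findings, seen = [], set()
    for h in hosts:
        if h["ip"] in seen:
            findings.append(f"{h['ip']}: listed more than once")
        seen.add(h["ip"])
        if h["key"] is None and not has_global_key:
            findings.append(f"{h['ip']}: no key on the host line and no global tacacs key")
    return [h["ip"] for h in hosts], findings

# Constructed sample configuration (documentation addresses, placeholder key).
SAMPLE = """\
tacacs-server host 192.0.2.10 single-connection port 49 timeout 5 key EXAMPLE-KEY-1
tacacs-server host 192.0.2.20 timeout 10
tacacs-server host 192.0.2.10 multi-connection
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```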