Professional Documents
Culture Documents
TACACS
login tacacs
tacacs-server
tacacs-server
tacacs-server
host 192.20.22.7
key "I am cool"
attempts 3
TACACS+
An new version of TACACS, however
less compatible
Uses a separate server for AAA
TACACS+ packet
4 bits
4 bits
8 bits
8 bits
8 bits
Major
Minor
Packet type
Sequence No.
Flags
Session ID (4 bytes)
Length (4 bytes)
Major/Minor version
Packet Type
Authentication, Authorization, or Accounting
Flags
Whether encryption is set
TACACS+ Traffic
Authentication
Enables the switch/router to ask for passwords on a
remote server
Set up passwords for login and enable access
Backup with enable password in case server is down
aaa
aaa
aaa
new-model
authentication login default tacacs+ enable
authentication enable default tacacs+ enable
Authorization
Request authorization for events. Obtaining a
shell, configuring, or certain commands
Again, have a backup command in case the
server is down.
Accounting
Log access and attempted access to a remote
server
Can log inbound and/or outbound connections
Types of accounting
Reference Links
http://www.cisco.com/en/US/products/hw/switches/ps637/produ
cts_configuration_guide_chapter09186a008007da46.html#15411
http://www.cisco.com/en/US/tech/tk59/technologies_configuratio
n_example09186a0080093c7c.shtml
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09
186a0080094e99.shtml
http://www.informit.com/articles/article.asp?
p=170744&seqNum=2
http://www.cisco.com/pcgi-bin/search/search.pl?
searchPhrase=cisco+router+1601+support+tacacs&x=0&y=0&nv
=Search+All+Cisco.com
%23%23cisco.com&nv=Technical+Support%26Documentation
%23%23cisco.com
%23TSD&language=en&country=US&accessLevel=Guest&siteToSe
arch=cisco.com
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/produ
cts_configuration_guide_chapter09186a00800ca7a7.html#16099
Clearbox server: http://www.xperiencetech.com/