TACACS+ Configuration Example
133
20
TACACS+
TACACS+ (Terminal Access Controller Access Control System) provides access control for
networked devices via one or more centralized servers. Similar to RADIUS, this protocol
simplifies authentication by making use of a single database that can be shared by many
clients on a large network. TACACS+ is based on the TACACS protocol described in
RFC1492. TACACS+ uses TCP to ensure reliable delivery and a shared key configured on the
client and daemon server to encrypt all messages.
After you configure TACACS+ as the authentication method for user login, the NAS
(Network Access Server) prompts for the user login credentials and requests services from the
DWS-3000 TACACS+ client. The client then uses the configured list of servers for
authentication, and provides results back to the NAS. You can configure the TACACS+ server
list with one or more hosts defined via their network IP address. You can also assign each a
priority to determine the order in which the TACACS+ client will contact them. TACACS+
contacts the server when a connection attempt fails or times out for a higher priority server.
You can configure each server host with a specific connection type, port, timeout, and shared
key, or you can use global configuration for the key and timeout.
Like RADIUS, the TACACS+ server can do the authentication itself, or redirect the request to
another back-end device. All sensitive information is encrypted and the shared secret is never
passed over the network - it is used only to encrypt the data.
TACACS+ Configuration Example
This example configures two TACACS+ servers at 10.10.10.10 and 11.11.11.11. Each server
has a unique shared secret key. The server at 10.10.10.10 has a default priority of 0, the highest
priority, while the other server has a priority of 2. A new authentication list called tacacsList is
created which uses TACACS+ to authenticate, and uses local authentication as a backup
method. This authentication list is then associated with the default login.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
