Tacacs+ packet, Configuring tacacs, Igure – GarrettCom MNS-6K 4.1.4 User Manual

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E

is authentication where the user is verified against the network user database. The second stage is
authorization, where it is determined whether the user has operator access or manager privileges.

TACACS+ Packet

Packet encryption is a supported and is a configurable option for the Magnum MNS-6K software.
When encrypted, all authentication and authorization TACACS+ packets are encrypted and are
not readable by protocol capture and sniffing devices such as EtherReal or others. Packet data is
hashed and shared using MD5 and secret string defined between the Magnum 6K family of
switches and the TACACS+ server.

32 bits wide

4 4 8

8

8

bits

Major

Version

Minor

Version

Packet type Sequence no.

Flags

Session ID

Length

F

IGURE

72 – TACACS packet format

•

Major Version – The major TACACS+ version number.

•

Minor version – The minor TACACS+ version number. This is intended to allow
revisions to the TACACS+ protocol while maintaining backwards compatibility

•

Packet type – Possible values are

TAC_PLUS_AUTHEN:= 0x01 (Authentication)
TAC_PLUS_AUTHOR:= 0x02 (Authorization)
TAC_PLUS_ACCT:= 0x03 (Accounting)

•

Sequence number – The sequence number of the current packet for the current
session

•

Flags – This field contains various flags in the form of bitmaps. The flag values signify
whether the packet is encrypted

•

Session ID – The ID for this TACACS+ session

•

Length - The total length of the TACACS+ packet body (not including the header)

Configuring TACACS+

CLI commands to configure TACACS+ are

Syntax show tacplus - show status of TACACS or servers configured as TACACS+

servers

118