Introduction, TACACS+ Overview, The AlliedWare Plus TACACS+ Implementation – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT, x310-26FP, x310-50FT, x310-50FP) User Manual

TACACS+ Introduction and Configuration
Software Reference for x310 Series Switches
AlliedWare Plus™ Operating System - Version 5.4.4C
C613-50046-01 REV A
Introduction
This chapter provides information about the AlliedWare Plus implementation of TACACS+
and how to configure it on this switch. For detailed descriptions of the commands used to
configure TACACS+, see
. For information about
Authentication, Authorization and Accounting (AAA), see
and
.
TACACS+ Overview
TACACS+ (Terminal Access Controller Access-Control System Plus) provides a method for
securely managing multiple network access points from a single management service.
TACACS+ is a TCP-based access control protocol, utilizing TCP port 49, that allows a device
to forward a user's username and password to an authentication server to determine
whether access can be allowed. In addition to this authentication service, TACACS+ can
also provide authorization and accounting services.
One of the features of TACACS+ is the ability to separate authentication, authorization and
accounting so that these functions can be provided independently on separate servers.
Authentication involves identifying a user, typically by requiring the user to supply a valid
username and password before access is granted. Following authentication, the user must
gain authorization to perform tasks. For example, after logging into a switch, a user may
try to issue configuration commands. The authorization process determines whether the
user has the authority to issue these commands. Authorization is always preceded by
authentication.
The AlliedWare Plus TACACS+ Implementation
The AlliedWare Plus TACACS+ implementation provides authentication, authorization,
and accounting. Note that:
■ Authorization cannot be performed independently of the authentication process. There are no authorization commands available.
■ Authentication and authorization must be configured on the same server.
■ Authorization is only applicable if enable password authentication has not been configured with the aaa authentication enable default group tacacs+ command.
With the AlliedWare Plus TACACS+ implementation, all traffic that passes between the
TACACS+ client and the TACACS+ servers on the network is encrypted. TACACS+ encrypts
the entire payload of packets, which means that it encrypts the user's password between
the client and the server.
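The payload protection described above, sketched as an added example that follows the TACACS+ protocol specification in RFC 8907 (section 4.5); it is not AlliedWare Plus code, and the key, session ID and body are constructed sample values. It shows that the 12-byte header travels in the clear while the body is XORed with an MD5-derived pad keyed by the shared secret.

```python
import hashlib
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01   # header flag bit defined in RFC 8907
# version, type, seq_no, flags, session_id, body length (network byte order)
HEADER = struct.Struct("!BBBBII")


def pseudo_pad(session_id: bytes, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """MD5 chain from RFC 8907: each block hashes the seed plus the previous block."""
    seed = session_id + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def transform_body(header: bytes, body: bytes, key: bytes) -> bytes:
    """XOR the body with the pad; the same call obfuscates and recovers it."""
    version, _ptype, seq_no, flags, _sid, length = HEADER.unpack(header)
    if length != len(body):
        raise ValueError("header length field does not match body size")
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        return body  # sender marked the body as unprotected
    pad = pseudo_pad(header[4:8], key, version, seq_no, length)
    return bytes(b ^ p for b, p in zip(body, pad))


def build_packet(version, ptype, seq_no, session_id, body, key, flags=0) -> bytes:
    """Header is emitted as-is; only the body passes through the transform."""
    header = HEADER.pack(version, ptype, seq_no, flags, session_id, len(body))
    return header + transform_body(header, body, key)


# Constructed sample values (not taken from any real device or capture)
KEY = b"example-shared-secret"
BODY = b"constructed authentication body: user=alice pass=correct-horse"
PACKET = build_packet(0xC0, 0x01, 1, 0x1A2B3C4D, BODY, KEY)

if __name__ == "__main__":
    print("header (clear):", PACKET[:12].hex())
    print("body on wire  :", PACKET[12:].hex())
    print("recovered     :", transform_body(PACKET[:12], PACKET[12:], KEY))
```

The packet type, sequence number, session ID and length remain readable to anyone on the path, and the protection of the body rests entirely on the shared key configured on both the client and the server.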
A TACACS+ client is available on your switch. You need a system running TACACS+ server
software from a software provider to use the TACACS+ functionality on your switch.