Configuring and enabling tacacs – Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual User Manual

Page 431

Rockwell Automation Publication 1783-UM006A-EN-P - May 2014

431

Configuring RADIUS and TACACS+ Servers

Chapter 14

By default, the access point sends reauthentication requests to the authentication
server with the service-type attribute set to authenticate-only. However, some
Microsoft IAS servers don’t support the authenticate-only service-type attribute.
Depending on the user requirements, set the service-type attribute to:

dot11 aaa authentication attributes service-type

framed-user

By default the service type “login” is sent in the access request.

Configuring and Enabling
TACACS+

TACACS+ is a security application that provides centralized validation of users
attempting to gain access to your access point. Unlike RADIUS, TACACS+
does not authenticate client devices associated to the access point.

TACACS+ services are maintained in a database on a TACACS+ daemon
typically running on a UNIX or pages NT workstation. Access and configure a
TACACS+ server before configuring TACACS+ features on your access point.

TACACS+ provides for separate and modular authentication, authorization, and
accounting facilities. TACACS+ lets a single access control server (the
TACACS+ daemon) to provide each service; authentication, authorization, and
accounting—independently. Each service can be tied into its own database to
take advantage of other services available on that server or on the network,
depending on the capabilities of the daemon.

TACACS+, administered through the AAA security services, can provide these
services:

VSA (attribute 26)

NAS-Location

VSA (attribute 26)

Disc-Cause-Ext

VSA (attribute 26)

VLAN-ID

VSA (attribute 26)

Connect-Progress

VSA (attribute 26)

Cisco-NAS-Port

VSA (attribute 26)

Interface

VSA (attribute 26)

Auth-Algo-Type

Table 103 - Attributes Sent in Accounting-Request (stop) Packets (Continued)

Attribute ID

Description