Quick Reference Guide

PowerConnect B-Series TI24X Configuration Guide
53-1002269-02
Configuring TACACS/TACACS+ security
You can use the security protocol Terminal Access Controller Access Control System (TACACS) or
TACACS+ to authenticate the following kinds of access to the device:
Telnet access
SSH access
Console access
Access to the Privileged EXEC level and CONFIG levels of the CLI
The TACACS and TACACS+ protocols define how authentication, authorization, and accounting
information is sent between a device and an authentication database on a TACACS/TACACS+
server. TACACS/TACACS+ services are maintained in a database, typically on a UNIX workstation or
PC with a TACACS/TACACS+ server running.
NOTE
On PowerConnect B-Series TI24X devices, the TACACS+ security feature is supported.
How TACACS+ differs from TACACS
TACACS is a simple UDP-based access control protocol originally developed by BBN for MILNET.
TACACS+ is an enhancement to the TACACS security protocol and uses TCP to ensure reliable
delivery. TACACS+ improves on TACACS by separating the functions of authentication,
authorization, and accounting (AAA) and by encrypting all traffic between the device and the
TACACS+ server. TACACS+ allows authentication exchanges of arbitrary length and content, so
any authentication mechanism can be used with the device. TACACS+ is extensible to provide for
site customization and future development features. The protocol allows the device to request
very precise access control and allows the TACACS+ server to respond to each component of that
request.
NOTE
TACACS+ provides for authentication, authorization, and accounting, but an implementation or
configuration is not required to employ all three.
TACACS/TACACS+ authentication, authorization, and accounting
When you configure a device to use a TACACS/TACACS+ server for authentication, the device
prompts users who are trying to access the CLI for a user name and password, then verifies the
password with the TACACS/TACACS+ server.
If you are using TACACS+, Dell recommends that you also configure authorization, in which the
device consults a TACACS+ server to determine which management privilege level (and which
associated set of commands) an authenticated user is allowed to use. You can also optionally
configure accounting, which causes the device to log information on the TACACS+ server when
specified events occur on the device.