Administrator Guide

Security Commands 963
TACACS+ Commands
Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N3000/N3100-ON/N4000 Series Switches
TACACS+ provides access control for networked devices via one or more
centralized servers. Like RADIUS, it simplifies authentication by using a
single user database that can be shared by many clients on a large network.
TACACS+ is based on the original TACACS protocol (described in RFC 1492) but
additionally provides separate authentication, authorization and accounting
services. The original protocol was UDP based, with messages passed in clear
text over the network; TACACS+ uses TCP (port 49 by default) to ensure
reliable delivery, and a shared key configured on both the client and the
daemon server to encrypt the body of every message. Only the packet body is
protected: the 12-byte header, including the session ID and sequence number,
is always sent in the clear, and the body protection is a keystream derived
from MD5 over the shared key and those header fields, with no integrity
check. RFC 8907 accordingly calls it obfuscation rather than strong
encryption, so use a long random shared key and keep TACACS+ traffic on a
management network that untrusted hosts cannot reach.
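What the shared key actually does on the wire, as an added worked example. This is not code from the Dell EMC guide or from the switch firmware; it implements the standard TACACS+ body obfuscation of RFC 8907 section 4.5, which any interoperable client or daemon must use. The key, session ID, username and addresses are constructed sample values. The point it makes is that only the body is obfuscated, with an MD5-derived keystream and no integrity check, so a sniffer sees the header in the clear, a wrong key yields garbage rather than an error, and the unencrypted flag leaks everything:

```python
# Added illustration of the TACACS+ body encryption described above; this is
# not code from the Dell EMC guide or the switch firmware. It implements the
# pseudo-pad construction from RFC 8907 section 4.5, which every interoperable
# TACACS+ client and daemon must use. Sample key, session id and credentials
# below are constructed for the demonstration.
import hashlib
import struct

TAC_PLUS_MAJOR_VER = 0xC
TAC_PLUS_MINOR_VER_DEFAULT = 0x0
TAC_PLUS_AUTHEN = 0x01            # packet type: authentication
TAC_PLUS_UNENCRYPTED_FLAG = 0x01  # header flag: body sent in clear text
HEADER_FMT = "!BBBBII"            # version, type, seq_no, flags, session_id, length
HEADER_LEN = struct.calcsize(HEADER_FMT)  # always 12 bytes, never obfuscated


def pseudo_pad(session_id, key, version, seq_no, length):
    """Keystream derived from the shared key and per-packet header fields.

    MD5_1 = MD5(session_id | key | version | seq_no)
    MD5_n = MD5(session_id | key | version | seq_no | MD5_{n-1})
    The digests are concatenated and truncated to the body length.
    """
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body, session_id, key, version, seq_no):
    """XOR the body with the pseudo-pad; XOR is its own inverse, so the same
    call decrypts. Nothing here authenticates the packet: a tampered byte is
    not detected, only mis-decoded."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_authen_start(user, port, rem_addr, data=b""):
    """Authentication START body (RFC 8907 section 5.1): LOGIN action,
    privilege level 1, ASCII authentication type, LOGIN service, then the
    four length-prefixed variable fields."""
    action, priv_lvl, authen_type, authen_service = 0x01, 0x01, 0x01, 0x01
    fixed = struct.pack("!BBBBBBBB", action, priv_lvl, authen_type,
                        authen_service, len(user), len(port), len(rem_addr), len(data))
    return fixed + user + port + rem_addr + data


def build_packet(body, key, session_id, seq_no=1, encrypt=True):
    """Prepend the clear-text header and obfuscate the body unless the
    UNENCRYPTED flag is set (a setting no production deployment should use)."""
    version = (TAC_PLUS_MAJOR_VER << 4) | TAC_PLUS_MINOR_VER_DEFAULT
    flags = 0 if encrypt else TAC_PLUS_UNENCRYPTED_FLAG
    wire_body = obfuscate(body, session_id, key, version, seq_no) if encrypt else body
    header = struct.pack(HEADER_FMT, version, TAC_PLUS_AUTHEN, seq_no, flags,
                         session_id, len(body))
    return header + wire_body


def parse_packet(packet, key):
    """Receiver side: read the clear header, then recover the body with the
    key configured for this peer. With the wrong key the result is garbage
    rather than an error, which is why a key mismatch shows up as a failed
    login rather than a clear diagnostic."""
    version, _ptype, seq_no, flags, session_id, length = struct.unpack(
        HEADER_FMT, packet[:HEADER_LEN])
    wire_body = packet[HEADER_LEN:HEADER_LEN + length]
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        return wire_body
    return obfuscate(wire_body, session_id, key, version, seq_no)


def demo():
    """Constructed example packet: what a sniffer on the path would see."""
    key = b"s3cr3t-shared-key"          # constructed; use a long random key in practice
    session_id = 0x5EEDF00D             # constructed; the client picks this at random
    body = build_authen_start(b"admin", b"tty0", b"192.0.2.10")
    packet = build_packet(body, key, session_id)
    return {
        "header_in_clear": packet[:HEADER_LEN],
        "username_visible_on_wire": b"admin" in packet,
        "right_key_recovers_body": parse_packet(packet, key) == body,
        "wrong_key_recovers_body": parse_packet(packet, b"wrong-key") == body,
        "unencrypted_flag_leaks": b"admin" in build_packet(body, key, session_id, encrypt=False),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Run it and the header (version 0xC0, type, sequence number, session ID, length) prints in the clear while the username does not. A wrong key silently yields a garbled body, which is how a key mismatch between the switch and a server normally surfaces: as authentication failures, not as a decryption error.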
Dell EMC Networking supports authentication of a user against a TACACS+
server. When TACACS+ is configured as the authentication method for a user
login type (CLI/HTTP/HTTPS), the NAS prompts for the user's login credentials
and requests service from the TACACS+ client; the client then works through
the configured list of servers for authentication and returns the result to
the NAS. The TACACS+ server list is configured as one or more hosts
identified by network IP address. Each host can be assigned a priority that
determines the order in which the TACACS+ client contacts them: a
lower-priority server is contacted only when the connection attempt to a
higher-priority server fails or times out. Each server host can be
separately configured with a specific connection type, port, time-out, and
shared key, or it can use the globally configured key and time-out. Like a
RADIUS server, the TACACS+ server may perform the authentication itself or
forward the request to another back-end system. All sensitive information in
the exchange is encrypted, and the shared secret itself is never passed over
the network; the key configured for a host must therefore match the key
configured on that server's daemon, since a mismatch produces only
undecodable messages and failed logins, not an explicit error.
Commands in this Section
This section explains the following commands:
key
port
priority
tacacs-server host
tacacs-server key
tacacs-server source-interface