Manual
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
350
Chapter 44 TACACS+ Configuration
44.1 Introduction to TACACS+
TACACS+ terminal access controller access control protocol is a protocol similar to the radius
protocol for control the terminal access to the network. Three independent functions of
Authentication, Authorization, Accounting are also available in this protocol. Compared with
RADIUS, the transmission layer of TACACS+ protocol is adopted with TCP protocol, further
with the packet head ( except for standard packet head) encryption, this protocol is of a more
reliable transmission and encryption characteristics, and is more adapted to security control.
According to the characteristics of the TACACS+ (Version 1.78), we provide TACACS+
authentication function on the switch, when the user logs, such as telnet, the authentication of
user name and password can be carried out with TACACS+.
44.2 TACACS+ Configuration Task List
1. Configure the TACACS+ authentication key
2. Configure the TACACS+ server
3. Configure the TACACS+ authentication timeout time
4. Configure the IP address of the RADIUS NAS
1. Configure the TACACS+ authentication key
Command
Explanation
Global Mode
tacacs-server key {0 | 7}<string>
no tacacs-server key
Configure the TACACS+ server key; the “no
tacacs-server key” command deletes the key.
2. Configure TACACS+ server
Command
Explanation
Global Mode
tacacs-server authentication host <ip-
address> [port <port-number>] [timeout
<seconds>] [key {0 | 7} <string>] [primary]
no tacacs-server authentication host <ip-
address>
Configure the IP address, listening port
number, the value of timeout timer and the
key string of the TACACS+ server; the no
form of this command deletes the TACACS+
authentication server.
3. Configure the TACACS+ authentication timeout time