
TACACS

rajeshbarhia
Level 1

Can someone explore the basics of TACACS?

Regards

Rajesh Barhia


mahmoodmkl
Level 7

Hi

TACACS is terminal access control access control system. It is used for security of your network devices in conjunction with AAA.

Thanks

Mahmood

Hi,

Kindly check the links

http://www.cisco.com/warp/public/480/10.html

and http://www.cisco.com/warp/public/614/7.html

which will help you, I suppose.

Kindly rate if it is helpful

devang_etcom
Level 7

Rajesh, TACACS is used for authentication, authorisation and accounting, which is known as AAA...

Whenever anyone tries to enter your network, first of all the request will transfer to the TACACS server, then the TACACS server will prompt for authentication, and after authentication it will allow you access to the resources which are assigned by the administrator...

Hope you will get the idea of why it is used and what it provides...

You can say it's used for security purposes...

Rate this post if it helps.

regards

Devang

leighharrison
Level 7

Hi there Rajesh,

As everyone has mentioned, TACACS+ is for AAA. TACACS+ is VERY similar to RADIUS, but is the Cisco protocol; it has pretty much the same functionality.

The authentication is WHO and is used for centralised usernames/logins on switches and routers.

The authorisation is WHAT and is used for specifying the commands or the login level that the users can use.

The accounting is WHEN and is used for capturing information about when a user logged on, what commands were typed etc.

You can download tacplus - the free version of tacacs to have a play with. Info here: http://www.cisco.com/warp/public/480/tacplus.shtml

At one place I worked, I had tacplus running and it was accounting to a file in the server's internet root directory, and the commands typed were available online in case some mistakes were made, so that we could backtrack if need be.

Regards,

LH

Please rate all posts

Hi,

Please explain to me how I can grant only several commands in configuration mode with TACACS+.

I found an example of a tac_plus.conf file where I can grant "configuration terminal", but it is hard to find how to grant only the "access-list" command but not "ip route".

When you create a user account within the TACACS+ program, you have the ability to assign specific commands to that user, or users, if you choose to group them together.

The structure is similar to Windows Server/workstation: create users, create groups, assign users into those groups, and apply a certain permission set to that group that all the users will then inherit.

You can identify which commands that you will allow within the group and the users within that group will only have those commands available to them upon their logon and authentication via AAA.
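The group-based command authorization described in the answer above, applied to the "access-list but not ip route" question, as an added example in the tac_plus.conf format of the freeware tac_plus daemon mentioned in this thread. It is not part of any poster's reply or of Cisco's documentation; the names `acl_admins` and `aclop` and the password placeholder are hypothetical.

```text
# Added example. Group and user names are hypothetical.
# In tac_plus, a command with no matching "cmd" clause is refused
# unless "default service = permit" is set, so this group leaves that
# setting out and lists only what its members may run.
group = acl_admins {
    # Allow entering configuration mode.
    cmd = configure {
        permit terminal
    }
    # Numbered ACLs, e.g. "access-list 10 permit ...".
    cmd = access-list {
        permit .*
    }
    # Commands beginning with "ip": rules are tried in order and the
    # first matching regular expression wins.
    cmd = ip {
        deny ^route
        permit ^access-list
        deny .*
    }
    # Leaving configuration mode and the session.
    cmd = end {
        permit .*
    }
    cmd = exit {
        permit .*
    }
}

# Users inherit the command set of the group they belong to.
user = aclop {
    member = acl_admins
    login = cleartext "REPLACE_WITH_PASSWORD"
}
```

On the IOS side, commands typed in configuration mode are only sent to the server for authorization when `aaa authorization config-commands` is enabled in addition to `aaa authorization commands` for the relevant privilege level.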
