06-13-2006 01:08 AM - edited 03-05-2019 11:57 AM
Can someone explore the basics of TACACS.
Regds
Rajesh Barhia
06-13-2006 01:53 AM
HI
As TACACS is terminal access control access control system.it is used for security of u r network devices in conjunction with AAA.
Thanks
Mahmood
06-13-2006 02:07 AM
Hi,
Kindly check the Link
http://www.cisco.com/warp/public/480/10.html
and http://www.cisco.com/warp/public/614/7.html
which will help you i suppose
Kindly rate if it is helpful
06-13-2006 03:08 AM
rajesh TACACS is used for the authentication, autorisation and accounting which is know as AAA...
like when ever any one try to enter in to your network then first of all its request will tranfer to the TACACS server and then TACACS server will prompt for the authentication and after authentication it will allow you the resources access which is assign by the administrator...
hope you will get the idea of why it is used and what its provide...
you can say its used for the security perpose...
rate this post if it helps
regards
Devang
06-18-2006 03:09 AM
Hi there Rajesh,
As everyone has mentioned, TACACS+ is for AAA. TACACS+ is VERY similar to RADIUS, but is the Cisco protocol, it has pretty much the same functionality.
The authentication is WHO and is used for centralised usernames/logins on switches and routers.
The authorisation is WHAT and is used for specifying the commands or the login level that the users can use.
The accounting is WHEN and is used for capturing information about when a user logged on, what commands were typed etc.
You can download tacplus - the free version of tacacs to have a play with. Info here: http://www.cisco.com/warp/public/480/tacplus.shtml
On place I worked at, I had tacplus running and it was accounting to a file in the servers internet root directory and the commands typed were vailable online incase some mistakes were made so that we could back track if need be.
Regards,
LH
Please rate all posts
11-08-2012 03:42 AM
Hi,
Please explain me how I can grant only several command into configuration mode with TACACS+?
I found example of tac_plus.conf file where I can grant "configuration terminal", but it is hard to find how to grant only "access-list" command but no "ip route".
11-09-2012 10:39 AM
When you create a user account within the TACACS+ program, you have the ability to assign specific commands to that user, or users, if you choose to group them together.
The structure is similar to Windows Server/workstation, create users, create groups, assign users into those groups, apply a certain permission set to that group that all the users will then inherit.
You can identify which commands that you will allow within the group and the users within that group will only have those commands available to them upon their logon and authentication via AAA.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide