Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

TACACS

Can someone explore the basics of TACACS.

Regds

Rajesh Barhia

6 REPLIES

Re: TACACS

HI

As TACACS is terminal access control access control system.it is used for security of u r network devices in conjunction with AAA.

Thanks

Mahmood

New Member

Re: TACACS

Hi,

Kindly check the Link

http://www.cisco.com/warp/public/480/10.html

and http://www.cisco.com/warp/public/614/7.html

which will help you i suppose

Kindly rate if it is helpful

Re: TACACS

rajesh TACACS is used for the authentication, autorisation and accounting which is know as AAA...

like when ever any one try to enter in to your network then first of all its request will tranfer to the TACACS server and then TACACS server will prompt for the authentication and after authentication it will allow you the resources access which is assign by the administrator...

hope you will get the idea of why it is used and what its provide...

you can say its used for the security perpose...

rate this post if it helps

regards

Devang

Re: TACACS

Hi there Rajesh,

As everyone has mentioned, TACACS+ is for AAA. TACACS+ is VERY similar to RADIUS, but is the Cisco protocol, it has pretty much the same functionality.

The authentication is WHO and is used for centralised usernames/logins on switches and routers.

The authorisation is WHAT and is used for specifying the commands or the login level that the users can use.

The accounting is WHEN and is used for capturing information about when a user logged on, what commands were typed etc.

You can download tacplus - the free version of tacacs to have a play with. Info here: http://www.cisco.com/warp/public/480/tacplus.shtml

On place I worked at, I had tacplus running and it was accounting to a file in the servers internet root directory and the commands typed were vailable online incase some mistakes were made so that we could back track if need be.

Regards,

LH

Please rate all posts

New Member

TACACS

Hi,

Please explain me how I can grant only several command into configuration mode with TACACS+?

I found example of tac_plus.conf file where I can grant "configuration terminal", but it is hard to find how to grant only "access-list" command but no "ip route".

Bronze

TACACS

When you create a user account within the TACACS+ program, you have the ability to assign specific commands to that user, or users, if you choose to group them together.

The structure is similar to Windows Server/workstation, create users, create groups, assign users into those groups, apply a certain permission set to that group that all the users will then inherit.

You can identify which commands that you will allow within the group and the users within that group will only have those commands available to them upon their logon and authentication via AAA.

404
Views
8
Helpful
6
Replies