Introduction to TACACS and TACACS+ (Terminal Access Controller Access Control System)
Today I am going to talk about the basics of TACACS and TACACS+. I am sure most of you already know them, since many of you have configured them on your devices, whether Cisco, Juniper or another vendor in your network.
In this article I will cover TACACS and TACACS+ as follows.
What is TACACS and TACACS+ ?
You have all heard the term many times, but many of you are still unsure what TACACS and TACACS+ actually are.
Terminal Access Controller Access Control System (TACACS) is an authentication protocol, commonly used in UNIX-based networks, that allows a remote access server to forward a user's login credentials to a central authentication server, which decides whether access to a given system should be granted.
TACACS and TACACS+
TACACS is a simple UDP-based access control protocol originally developed by BBN for MILNET (later documented in RFC 1492). TACACS+ is a separate, non-backward-compatible protocol developed by Cisco that replaces it and uses TCP (port 49) to ensure reliable delivery.
Fig 1.1- TACACS and TACACS+ Server
TACACS+ is an enhancement of the TACACS security protocol. It improves on TACACS by separating the functions of authentication, authorization, and accounting (AAA) and by obfuscating the body of every packet exchanged between the network device and the TACACS+ server with a shared key. Note the caveat: the 12-byte packet header always travels in the clear, and RFC 8907 is explicit that the MD5-based body scrambling is obfuscation rather than strong encryption, so the device-to-server link still needs protection at the network layer (a dedicated management network or IPsec). TACACS+ allows arbitrary-length and arbitrary-content authentication exchanges, so any authentication mechanism can be used with your device.
TACACS+ is extensible, allowing for site customization and future development. The protocol lets the device request very fine-grained access control (down to the authorization of each individual command) and lets the TACACS+ server respond to each component of that request.
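To make the "obfuscated, not encrypted" point concrete, here is an added example (my own code, not from the original article or any vendor) that builds a TACACS+ Authentication START packet for a PAP login exactly as RFC 8907 frames it, then decodes it the way the server would. The shared key, session ID, username, port, remote address and password are constructed test values. Run it and note three things: the header (version, type, sequence number, session ID, length) is never obfuscated; with the key the password comes straight back out of the body; with the wrong key only the body is garbage. There is no forward secrecy, so a key recovered from a device configuration backup unlocks every past capture.

```python
"""Added example: TACACS+ Authentication START packet (RFC 8907 framing and
body obfuscation). All keys, IDs and credentials below are constructed."""
import hashlib
import struct

# Constants from RFC 8907
TAC_PLUS_VERSION = 0xC0              # major version 0xC, minor version 0
TAC_PLUS_AUTHEN = 0x01               # packet type: authentication
TAC_PLUS_UNENCRYPTED_FLAG = 0x01     # body sent in clear; never set in production
TAC_PLUS_AUTHEN_LOGIN = 0x01         # action
TAC_PLUS_AUTHEN_TYPE_PAP = 0x02      # authen_type: the password rides in START.data
TAC_PLUS_AUTHEN_SVC_LOGIN = 0x01     # authen_service
HEADER_FMT = "!BBBBII"               # version, type, seq_no, flags, session_id, length
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 12 bytes, always transmitted in clear
START_FIXED_FMT = "!BBBBBBBB"        # action, priv_lvl, authen_type, service, 4 lengths


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """Keystream from RFC 8907 section 4.5:
    MD5_1 = MD5(session_id, key, version, seq_no)
    MD5_n = MD5(session_id, key, version, seq_no, MD5_n-1), concatenated and truncated."""
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(struct.pack("!I", session_id) + key
                           + bytes([version, seq_no]) + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """XOR the body with the pseudo-pad. The same call reverses it: this is an
    unauthenticated stream cipher keyed only by the shared secret."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_authen_start(session_id: int, key: bytes, user: str, port: str,
                       rem_addr: str, password: str, priv_lvl: int = 1) -> bytes:
    """Authentication START (seq_no 1) for a PAP login, as the device would send it."""
    user_b, port_b = user.encode(), port.encode()
    rem_b, data_b = rem_addr.encode(), password.encode()
    body = struct.pack(START_FIXED_FMT, TAC_PLUS_AUTHEN_LOGIN, priv_lvl,
                       TAC_PLUS_AUTHEN_TYPE_PAP, TAC_PLUS_AUTHEN_SVC_LOGIN,
                       len(user_b), len(port_b), len(rem_b), len(data_b))
    body += user_b + port_b + rem_b + data_b
    seq_no, flags = 1, 0
    header = struct.pack(HEADER_FMT, TAC_PLUS_VERSION, TAC_PLUS_AUTHEN,
                         seq_no, flags, session_id, len(body))
    return header + obfuscate(body, session_id, key, TAC_PLUS_VERSION, seq_no)


def parse_header(packet: bytes) -> dict:
    """Everything here is readable by anyone on the path, key or no key."""
    version, ptype, seq_no, flags, session_id, length = struct.unpack(
        HEADER_FMT, packet[:HEADER_LEN])
    return {"version": version, "type": ptype, "seq_no": seq_no,
            "flags": flags, "session_id": session_id, "length": length}


def decode_authen_start(packet: bytes, key: bytes) -> dict:
    """What a TACACS+ server (or anyone holding the key) recovers from the wire."""
    hdr = parse_header(packet)
    body = packet[HEADER_LEN:HEADER_LEN + hdr["length"]]
    if not hdr["flags"] & TAC_PLUS_UNENCRYPTED_FLAG:
        body = obfuscate(body, hdr["session_id"], key, hdr["version"], hdr["seq_no"])
    (action, priv_lvl, authen_type, service,
     ul, pl, rl, dl) = struct.unpack(START_FIXED_FMT, body[:8])
    off = 8
    user, off = body[off:off + ul], off + ul
    port, off = body[off:off + pl], off + pl
    rem, off = body[off:off + rl], off + rl
    data = body[off:off + dl]
    return {**hdr, "action": action, "priv_lvl": priv_lvl, "authen_type": authen_type,
            "service": service, "user": user, "port": port, "rem_addr": rem, "data": data}


if __name__ == "__main__":
    KEY = b"shared-secret"            # constructed; on the device it is the tacacs-server key
    pkt = build_authen_start(0x1F2E3D4C, KEY, "admin", "tty0", "192.0.2.50", "s3cret!")
    print("on the wire   :", pkt.hex())
    print("header (clear):", parse_header(pkt))
    print("with key      :", decode_authen_start(pkt, KEY)["data"])
    print("with wrong key:", decode_authen_start(pkt, b"guess")["data"])
```

The design choice worth noticing is that nothing in the packet authenticates the body: a tampered byte just decodes to a different byte, which is why RFC 8907 treats the key as a confidentiality measure for a trusted management network rather than as message security.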
TACACS and TACACS+ Security
Let's talk about TACACS and TACACS+ security. A device can use TACACS or TACACS+ as the security protocol to authenticate the following kinds of access:
- Telnet access
- SSH access
- Console access
- Web management access
- Access to the Privileged EXEC level and CONFIG levels of the CLI
The TACACS and TACACS+ protocols define how authentication, authorization, and accounting information is exchanged between a Brocade device and the user database on a TACACS or TACACS+ server (original TACACS covers authentication only; authorization and accounting require TACACS+). That database is typically kept on a UNIX workstation or PC running the TACACS or TACACS+ server software.
The diagram below shows the differences between RADIUS and TACACS or TACACS+.
Fig 1.2- TACACS+ Vs RADIUS
Now I am going to talk about the basic configuration of TACACS and TACACS+. Below is a sample configuration for Brocade devices that uses TACACS+ for login authentication, command and EXEC authorization, and accounting.
Sample Basic Configuration of TACACS and TACACS+ for Brocade Devices
!
! Authentication: ask the TACACS+ server first; the enable password is the
! fallback method for when the TACACS+ method is unavailable.
aaa authentication login default tacacs+ enable
! Let an authenticated TACACS+ user land directly in Privileged EXEC.
aaa authentication login privilege-mode
! Authorization: each command at privilege level 0 (all commands) and the
! EXEC session itself must be approved by the server.
aaa authorization commands 0 default tacacs+
aaa authorization exec default tacacs+
! Accounting: send start and stop records for commands, EXEC sessions and
! system events (such as reloads) to the server.
aaa accounting commands 0 default start-stop tacacs+
aaa accounting exec default start-stop tacacs+
aaa accounting system default start-stop tacacs+
! Apply AAA to the serial console too, not only to Telnet, SSH and web sessions.
enable aaa console
hostname Fred
ip address 172.10.1.56 255.255.255.0
! Server address: 192.0.2.10 is an RFC 5737 documentation placeholder (the
! original sample showed 255.255.253.255, which is not a usable unicast
! address); replace it with the real address of your TACACS+ server.
tacacs-server host 192.0.2.10
! Shared secret as stored in the configuration; it must match the key the
! server holds for this device and is what keys the packet obfuscation.
tacacs-server key 2 %d3KpZ0RVRFpJ
!