Filter
Top Products
DES-7200 Configuration Guide Chapter 3 TACACS+ Configuration
3-1
3 TACACS+ Configuration
3.1 TACACS+ Overview
TACACS+ is a security protocol with more powerful function on the basis of TACACS
(RFC 1492 Terminal Access Controller Access Control System). It implements AAA
function of multi-users by Client-Server mode and TACACS server communication. It
needs to configure the related contents of TACACS+ server before using TACACS+
server.
TACACS+ supports user authentication, authorization and accounting analysis. That
is, we can use one server to authenticate, another one to authorize and the third one
to account at the same time. Each server has its own user data information, being
antagonistic to authenticate, authorize and account.
The table below shows TACACS+ packet format:
Figure 1
z Major Version ― Major TACACS+ Version number;
z Minor Version ― Minor TACACS+ Version number;
z Packet Type ― the value may include:
TAC_PLUS_AUTHEN: = 0x01 (Authentication);
TAC_PLUS_AUTHOR:= 0x02 (Authorization);
TAC_PLUS_ACCT:= 0x03 (Accounting).
z Sequence Number ― packet sequence number in current session. The first
TACACS+ packet sequence number in the session must be 1 and every packet
sequence number followed is added by 1 gradually. Therefore, the client only sends
the packet with odd sequence number, while TACACS+ Daemon only sends the
packet with even sequence number.
z Flags ― this field includes flag with various bitmap format. The Flag value