TACACS+ Server Configuration
G8264 Command Reference for ENOS 8.4
TACACS (Terminal Access Controller Access Control System) is an authentication
protocol that allows a remote access server to forward a user's logon password to
an authentication server to determine whether access can be allowed to a given
system. TACACS is not an encryption protocol and is therefore less secure than
the TACACS+ and Remote Authentication Dial‐In User Service (RADIUS) protocols.
Both TACACS and TACACS+ are described in RFC 1492.
The TACACS+ protocol is more reliable than RADIUS, as TACACS+ uses the
Transmission Control Protocol (TCP) whereas RADIUS uses the User Datagram
Protocol (UDP). Also, RADIUS combines authentication and authorization in a
user profile, whereas TACACS+ separates the two operations.
TACACS+ offers the following advantages over RADIUS as the authentication
device:
- TACACS+ is TCP‐based, so it facilitates connection‐oriented traffic.
- It supports full‐packet encryption, as opposed to password‐only in
  authentication requests.
- It supports de‐coupled authentication, authorization and accounting.
Table 154. TACACS+ Server Configuration Options
Command Syntax and Usage
[no] tacacs-server accounting-enable
Enables or disables TACACS+ accounting.
Command mode: Global configuration
tacacs-server attempts <1-10>
Sets the number of failed login attempts before disconnecting the user.
The default is 2 attempts.
Command mode: Global configuration
no tacacs-server attempts
Resets the number of failed login attempts to the default value of 2.
Command mode: Global configuration
[no] tacacs-server backdoor
Enables or disables the TACACS+ back door for Telnet, SSH/SCP or
HTTP/HTTPS.
Enabling this feature allows you to bypass the TACACS+ servers. It is
recommended that you use Secure Backdoor to ensure the switch is secured,
because Secure Backdoor disallows access through the back door when the
TACACS+ servers are responding.
The default setting is disabled.
To obtain the TACACS+ backdoor password for your G8264, contact your
Service and Support line.
Command mode: Global configuration
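The following added example, which is not part of the command reference, audits saved configuration text for the three options above and reports an enabled back door, accounting that is not enabled, and an attempts value above a local policy limit. The function name, finding codes, max_attempts threshold and sample configuration are assumptions made for illustration, as is the premise that options left at their default do not appear in the saved configuration.

```python
import re

# Matches "[no] tacacs-server <option> [value]" on a single configuration line.
LINE = re.compile(r"^(no\s+)?tacacs-server\s+(\S+)(?:\s+(\S+))?\s*$")

def audit_tacacs(config_text, max_attempts=3):
    """Return finding codes for the TACACS+ options found in config_text.

    Assumptions: options left at their default are absent from the saved
    configuration, and later lines override earlier ones. max_attempts is
    the auditor's own policy limit, not a value from the manual.
    """
    state = {"accounting-enable": False, "backdoor": False}
    attempts = 2  # documented default
    findings = []
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        negated, option, value = bool(m.group(1)), m.group(2), m.group(3)
        if option in state:
            state[option] = not negated
        elif option == "attempts":
            if negated:
                attempts = 2  # the "no" form resets to the default
            elif value and value.isdigit() and 1 <= int(value) <= 10:
                attempts = int(value)
            else:
                findings.append("attempts-invalid")  # outside <1-10>
    if state["backdoor"]:
        findings.append("backdoor-enabled")  # TACACS+ servers can be bypassed
    if not state["accounting-enable"]:
        findings.append("accounting-not-enabled")
    if attempts > max_attempts:
        findings.append("attempts-above-policy")
    return findings

# Constructed sample configuration, not taken from a real switch.
SAMPLE_CONFIG = """\
tacacs-server backdoor
tacacs-server attempts 8
"""

if __name__ == "__main__":
    for finding in audit_tacacs(SAMPLE_CONFIG):
        print(finding)
```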