MNS-BB Software User Guide
22.5 Packet Encryption
Packet encryption is a supported (configurable) option for the MNS-BB Software. When encryption is
enabled, authentication and authorization TACACS+ packets are not readable even if network sniffers
are employed. Packet data are hashed using MD5 and a shared secret string. Both the LE2425A or
LEV2525A and the TACACS+ server must know this secret string to exchange packets.
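Protocol Structure - TACACS and TACACS+
        4       8             16             24        32 bits
+-------+-------+-------------+--------------+---------+
| Major | Minor | Packet type | Sequence no. | Flags   |
+-------+-------+-------------+--------------+---------+
| Session ID                                           |
+------------------------------------------------------+
| Length                                               |
+------------------------------------------------------+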
• Major version - The major TACACS+ version number.
• Minor version - The minor TACACS+ version number. This is intended to allow revisions to
the TACACS+ protocol while maintaining backwards compatibility.
• Packet type - Possible values are:
    TAC_PLUS_AUTHEN := 0x01 (Authentication).
    TAC_PLUS_AUTHOR := 0x02 (Authorization).
    TAC_PLUS_ACCT := 0x03 (Accounting).
• Sequence number - The sequence number of the current packet for the current session.
• Flags - This field contains various flags in the form of bitmaps. The flag values signify
whether the packet is encrypted.
• Session ID - The ID for this TACACS+ session.
• Length - The total length of the TACACS+ packet body (not including the header).
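The header layout and the MD5/secret-string scheme described above, as an added Python example that is not code from the MNS-BB guide or product. It assumes the pad construction, the unencrypted-flag value 0x01 and the major version 0xC from RFC 8907, which this page does not spell out; the function names and sample packets are constructed for illustration.

```python
import hashlib
import struct

# Packet types are from the list above; the flag value is an assumption taken from RFC 8907.
PACKET_TYPES = {0x01: "TAC_PLUS_AUTHEN", 0x02: "TAC_PLUS_AUTHOR", 0x03: "TAC_PLUS_ACCT"}
TAC_PLUS_UNENCRYPTED_FLAG = 0x01


def parse_header(packet: bytes) -> dict:
    """Decode the 12-byte header: version, type, sequence no., flags, session ID, length."""
    if len(packet) < 12:
        raise ValueError("TACACS+ header is 12 bytes")
    version, ptype, seq_no, flags, session_id, length = struct.unpack("!BBBBII", packet[:12])
    if len(packet) - 12 != length:
        raise ValueError("length field does not match body size")
    return {
        "major": version >> 4, "minor": version & 0x0F, "version": version,
        "type": PACKET_TYPES.get(ptype, f"unknown(0x{ptype:02x})"),
        "seq_no": seq_no, "flags": flags, "session_id": session_id, "length": length,
        "encrypted": not flags & TAC_PLUS_UNENCRYPTED_FLAG,
    }


def pseudo_pad(hdr: dict, secret: bytes) -> bytes:
    """MD5 chain over session ID, secret, version, sequence no. and the previous digest."""
    seed = struct.pack("!I", hdr["session_id"]) + secret + bytes([hdr["version"], hdr["seq_no"]])
    pad, digest = b"", b""
    while len(pad) < hdr["length"]:
        digest = hashlib.md5(seed + digest).digest()
        pad += digest
    return pad[:hdr["length"]]


def xor_body(packet: bytes, secret: bytes) -> bytes:
    """Apply or remove the pad; the body is returned as-is when the flag marks it cleartext."""
    hdr = parse_header(packet)
    body = packet[12:]
    if not hdr["encrypted"]:
        return body
    return bytes(b ^ p for b, p in zip(body, pseudo_pad(hdr, secret)))


def build_packet(ptype: int, seq_no: int, flags: int, session_id: int, body: bytes, secret: bytes) -> bytes:
    """Build a constructed sample packet; version 0xC0 is major 12, minor 0."""
    header = struct.pack("!BBBBII", 0xC0, ptype, seq_no, flags, session_id, len(body))
    return header + xor_body(header + body, secret)
```

A header whose `encrypted` field is False means the body crossed the network in cleartext, which is worth alerting on for any server whose Encrypt column reads Enabled.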
22.6 CLI
CLI commands to configure TACACS+
show tacplus: This command shows the current TACACS+ configuration.
Syntax: show tacplus <status|servers>
status – shows the current TACACS+ global settings
servers – shows the currently configured TACACS+ servers to connect to
LE2425A#show tacplus servers
ID  TACACS+ Server  Port  Encrypt  Key
================================================
1   10.21.1.170     49    Enabled  secret
2   --              --    --       --
3   --              --    --       --
4   --              --    --       --
5   --              --    --       --
Note: The TACACS+ module does not have its own CLI context; its commands are under the
“user” context.
LE2425A# user <enter>
LE2425A(user)##
tacplus: This command enables or disables TACACS+.
Syntax: tacplus <enable|disable>