Send documentation comments to mdsfeedback-doc@cisco.com
41-14
Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-17256-03, Cisco MDS NX-OS Release 4.x
Chapter 41 Configuring RADIUS and TACACS+
The SNMPv3 authentication protocol options are SHA and MD5. The privacy protocol options are
AES-128 and DES. If these options are not specified in the cisco-av-pair attribute on the ACS server,
MD5 and DES are used by default.
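The fallback described above can be checked offline against exported ACS profile values. The following is an added example, not part of the Cisco guide: it reports which cisco-av-pair values end up on MD5 or DES because an option was omitted. The attribute syntax `snmpv3:auth=<protocol> priv=<protocol>` is assumed (it is not shown in this section), and the profile names and role names are constructed sample data.

```python
import re

# Options and defaults as stated in the guide text above.
VALID = {"auth": {"SHA", "MD5"}, "priv": {"AES-128", "DES"}}
DEFAULT = {"auth": "MD5", "priv": "DES"}

# Assumed attribute syntax: snmpv3:auth=<proto> priv=<proto> (either may be omitted).
_SNMPV3 = re.compile(r"snmpv3:((?:\s*(?:auth|priv)=[^\s\"]+)*)", re.IGNORECASE)
_OPTION = re.compile(r"(auth|priv)=([^\s\"]+)", re.IGNORECASE)

def effective_snmpv3(av_pair):
    """Return the auth/priv protocols in effect for one cisco-av-pair value,
    plus findings for omitted (defaulted) or unrecognized options."""
    match = _SNMPV3.search(av_pair)
    given = {}
    if match:
        given = {k.lower(): v.upper() for k, v in _OPTION.findall(match.group(1))}
    result, findings = {}, []
    for opt in ("auth", "priv"):
        value = given.get(opt)
        result[opt] = value or DEFAULT[opt]
        if value is None:
            findings.append(f"{opt} omitted, default {DEFAULT[opt]} applies")
        elif value not in VALID[opt]:
            findings.append(f"{opt}={value} is not a listed option")
    return result, findings

def audit(profiles):
    """Map profile name -> findings, keeping only profiles that need attention."""
    report = {}
    for name, av_pair in profiles.items():
        _, findings = effective_snmpv3(av_pair)
        if findings:
            report[name] = findings
    return report

# Constructed sample ACS profile values (profile and role names are illustrative).
SAMPLE_PROFILES = {
    "san-admins": 'shell:roles="network-admin" snmpv3:auth=SHA priv=AES-128',
    "san-ops": 'shell:roles="network-operator" snmpv3:auth=SHA',
    "legacy": 'shell:roles="network-operator"',
}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_PROFILES).items():
        print(name, "->", "; ".join(findings))
```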
Configuring TACACS+ Server Monitoring Parameters
A Cisco MDS switch uses the Terminal Access Controller Access Control System Plus (TACACS+)
protocol to communicate with remote AAA servers. You can configure multiple TACACS+ servers and
set timeout values.
This section includes the following topics:
• About TACACS+, page 41-14
• About TACACS+ Server Default Configuration, page 41-14
• About the Default TACACS+ Server Encryption Type and Preshared Key, page 41-15
• Setting the Default TACACS+ Server Encryption Type and Preshared Key, page 41-15
• Setting the Default TACACS+ Server Timeout Interval and Retransmits, page 41-15
• About TACACS+ Servers, page 41-16
• Configuring a TACACS+ Server, page 41-16
• About Validating a TACACS+ Server, page 41-17
• Displaying TACACS+ Server Statistics, page 41-18
• About Users Specifying a TACACS+ Server at Login, page 41-18
• Allowing Users to Specify a TACACS+ Server at Login, page 41-18
• About Custom Attributes for Roles, page 41-19
• Supported TACACS+ Servers, page 41-19
About TACACS+
TACACS+ is a client/server protocol that uses TCP (port 49) for transport. All
switches in the Cisco MDS 9000 Family provide centralized authentication using the TACACS+
protocol. TACACS+ has the following advantages over RADIUS authentication:
• Provides independent, modular AAA facilities. Authorization can be done without authentication.
• Uses the TCP transport protocol to send data between the AAA client and server, making reliable
transfers with a connection-oriented protocol.
• Encrypts the entire protocol payload between the switch and the AAA server to ensure higher data
confidentiality. The RADIUS protocol only encrypts passwords.
About TACACS+ Server Default Configuration
Fabric Manager allows you to set up a default configuration that can be used for any TACACS+ server
that you configure the switch to communicate with. The default configuration includes:
• Encryption type
• Preshared key