CHAPTER 5
Configuring TACACS+
This chapter contains the following sections:
• Information About Configuring TACACS+, page 45
• Prerequisites for TACACS+, page 47
• Guidelines and Limitations for TACACS+, page 48
• Configuring TACACS+, page 48
Information About Configuring TACACS+
The Terminal Access Controller Access Control System Plus (TACACS+) security protocol provides centralized validation of users attempting to gain access to a Cisco Nexus device. TACACS+ services are maintained in a database on a TACACS+ daemon typically running on a UNIX or Windows NT workstation. You must have access to and must configure a TACACS+ server before the configured TACACS+ features on your Cisco Nexus device are available.

TACACS+ provides for separate authentication, authorization, and accounting facilities. TACACS+ allows a single access control server (the TACACS+ daemon) to provide each service (authentication, authorization, and accounting) independently. Each service is associated with its own database to take advantage of other services available on that server or on the network, depending on the capabilities of the daemon.

The TACACS+ client/server protocol uses TCP (TCP port 49) for transport. The Cisco Nexus device provides centralized authentication using the TACACS+ protocol.
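The protocol details behind the paragraph above, as an added example that is not part of the Cisco guide: the following Python decodes the fixed TACACS+ packet header, whose type field is what lets one daemon serve authentication, authorization and accounting as separate services, and applies the shared-secret body obfuscation so the body can be recovered from a packet. The field layout, packet-type values, flag bits and MD5 pseudo-pad are taken from RFC 8907; the shared secret, session id and packet body are constructed here, not captured from any device.

```python
"""TACACS+ header decoding and body de-obfuscation (RFC 8907).

Added example for this chapter; it is not code from the Cisco guide.
Field layout, packet-type values, flag bits and the MD5 pseudo-pad are
taken from RFC 8907; the packets below are constructed here, not captured.
"""
import hashlib
import struct
from dataclasses import dataclass

TAC_PLUS_PORT = 49  # TCP port 49, as the guide states

# One packet type per AAA service: the daemon can serve each independently.
PACKET_TYPES = {1: "authentication", 2: "authorization", 3: "accounting"}

TAC_PLUS_UNENCRYPTED_FLAG = 0x01     # body carried in clear text
TAC_PLUS_SINGLE_CONNECT_FLAG = 0x04  # many sessions multiplexed on one TCP connection

# version(1) type(1) seq_no(1) flags(1) session_id(4) length(4), network byte order
HEADER = struct.Struct("!BBBBII")


@dataclass
class TacacsHeader:
    major_version: int
    minor_version: int
    packet_type: str
    seq_no: int
    unencrypted: bool
    single_connect: bool
    session_id: int
    body_length: int


def parse_header(data: bytes) -> TacacsHeader:
    """Decode the fixed 12-byte header; raise ValueError on anything malformed."""
    if len(data) < HEADER.size:
        raise ValueError("short TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(data)
    major, minor = version >> 4, version & 0x0F
    if major != 0xC:
        raise ValueError(f"unexpected TACACS+ major version {major:#x}")
    if ptype not in PACKET_TYPES:
        raise ValueError(f"unknown TACACS+ packet type {ptype}")
    return TacacsHeader(
        major, minor, PACKET_TYPES[ptype], seq_no,
        bool(flags & TAC_PLUS_UNENCRYPTED_FLAG),
        bool(flags & TAC_PLUS_SINGLE_CONNECT_FLAG),
        session_id, length,
    )


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """Keystream from RFC 8907 section 4.5: MD5_1 = MD5(session_id, key, version, seq_no),
    MD5_n = MD5(session_id, key, version, seq_no, MD5_n-1), concatenated and truncated."""
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(prefix + prev).digest()
        pad += prev
    return pad[:length]


def build_packet(ptype: int, seq_no: int, session_id: int, body: bytes,
                 key: bytes, flags: int = 0, minor_version: int = 0) -> bytes:
    """Assemble header + body, XOR-obfuscating the body unless the unencrypted flag is set."""
    version = (0xC << 4) | minor_version
    header = HEADER.pack(version, ptype, seq_no, flags, session_id, len(body))
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        return header + body
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return header + bytes(b ^ p for b, p in zip(body, pad))


def recover_body(packet: bytes, key: bytes) -> bytes:
    """Inverse of build_packet: XOR with the same pad recovers the original body."""
    hdr = parse_header(packet)
    body = packet[HEADER.size:HEADER.size + hdr.body_length]
    if len(body) != hdr.body_length:
        raise ValueError("truncated TACACS+ body")
    if hdr.unencrypted:
        return body
    pad = pseudo_pad(hdr.session_id, key, packet[0], hdr.seq_no, hdr.body_length)
    return bytes(b ^ p for b, p in zip(body, pad))


def audit_header(hdr: TacacsHeader) -> list[str]:
    """Findings a reviewer of a packet capture would want flagged."""
    findings = []
    if hdr.unencrypted:
        findings.append("unencrypted flag set: body (credentials, commands) is in clear text")
    if hdr.minor_version not in (0, 1):
        findings.append(f"unexpected minor version {hdr.minor_version}")
    return findings


# Constructed sample: an authentication packet with a made-up body and shared secret.
SAMPLE_KEY = b"example-shared-secret"  # placeholder, not a real key
SAMPLE_BODY = b"\x01\x00\x01\x01\x05\x00\x00\x00admin"  # constructed, illustrative only
SAMPLE_PACKET = build_packet(1, 1, 0x1234ABCD, SAMPLE_BODY, SAMPLE_KEY)

if __name__ == "__main__":
    h = parse_header(SAMPLE_PACKET)
    print(h, recover_body(SAMPLE_PACKET, SAMPLE_KEY), audit_header(h))
```

The obfuscation is a keyed MD5 keystream XORed over the body, so it protects the body only as long as the shared secret stays secret and the unencrypted flag stays clear; `audit_header` flags the latter, which is the condition to watch for in a capture from the TCP port 49 conversation between the Nexus device and the daemon.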
TACACS+ Advantages
TACACS+ has the following advantages over RADIUS authentication:
• Provides independent AAA facilities. For example, the Cisco Nexus device can authorize access without authenticating.
• Uses the TCP transport protocol to send data between the AAA client and server, so transfers are reliable and connection-oriented.
Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x
45