196 Configuring Authentication, Authorization, and Accounting
You can configure each server host with a specific connection type, port,
timeout, and shared key, or you can use global configuration for the key and
timeout.
The TACACS+ server can do the authentication itself, or redirect the request
to another back-end device. All sensitive information is encrypted and the
shared secret is never passed over the network; it is used only to encrypt the
data.
Which TACACS+ Attributes Does the Switch Support?
Table 9-6 lists the TACACS+ attributes that the switch supports and
indicates whether the authorization or accounting service supports sending or
receiving the attribute. The authentication service does not use attributes.
You can configure these attributes on the TACACS+ server(s) when utilizing
the switch TACACS+ service.
Table 9-6. Supported TACACS+ Attributes
Attribute Name Exec Authorization Command
Authorization
Accounting
cmd both (optional) sent sent
cmd-arg sent
elapsed-time sent
priv-lvl received
protocol sent
roles both (optional)
service=shell both sent sent
start-time sent
stop-time sent
To Next Page
Loading...
