TACACS+ Authentication
TACACS+ in the switches covered in this guide manages authentication of 
logon attempts through either the Console port or Telnet. TACACS+ uses an 
authentication hierarchy consisting of (1) remote passwords assigned in a 
TACACS+ server and (2) local passwords configured on the switch. That is, 
with TACACS+ configured, the switch first tries to contact a designated 
TACACS+ server for authentication services. If the switch fails to connect to 
any TACACS+ server, it defaults to its own locally assigned passwords for 
authentication control if it has been configured to do so. For both Console 
and Telnet access, you can configure a login (read-only) and an enable 
(read/write) privilege level of access. 
TACACS+ does not affect WebAgent access. See “Controlling WebAgent 
Access” on page 5-28.
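The authentication hierarchy described above can be modeled as follows. This is an added example, not code from this guide or from the switch software. The server stand-ins, the sample accounts and passwords, and the rule that a reachable server's rejection is final are assumptions made for the illustration.

```python
import hmac
from enum import Enum

class Reply(Enum):
    PASS = 1
    FAIL = 2
    UNREACHABLE = 3

def make_server(users, reachable=True):
    """Constructed stand-in for a TACACS+ server: users maps (name, level) -> password."""
    def query(level, name, password):
        if not reachable:
            return Reply.UNREACHABLE
        stored = users.get((name, level))
        ok = stored is not None and hmac.compare_digest(stored.encode(), password.encode())
        return Reply.PASS if ok else Reply.FAIL
    return query

def authenticate(servers, local_fallback, local_passwords, level, name, password):
    """Decide a Console/Telnet logon at level 'login' (read-only) or 'enable' (read/write).
    Returns (granted, source) with source in {'tacacs', 'local', 'none'}."""
    for query in servers:                      # designated servers, tried in order
        reply = query(level, name, password)
        if reply is Reply.UNREACHABLE:
            continue                           # no connection: try the next server
        # Assumption: a reachable server's answer is final; rejection never falls back.
        return (reply is Reply.PASS, "tacacs")
    if local_fallback and level in local_passwords:
        ok = hmac.compare_digest(local_passwords[level].encode(), password.encode())
        return (ok, "local")
    return (False, "none")                     # no server and no fallback: access denied

# Constructed sample data (not real accounts or passwords)
REMOTE = {("alice", "login"): "r3mote-op", ("alice", "enable"): "r3mote-mgr"}
LOCAL = {"login": "local-op", "enable": "local-mgr"}
UP, DOWN = make_server(REMOTE), make_server(REMOTE, reachable=False)

def demo():
    return {
        "remote_ok": authenticate([DOWN, UP], True, LOCAL, "enable", "alice", "r3mote-mgr"),
        "remote_reject_no_fallback": authenticate([UP], True, LOCAL, "enable", "alice", "local-mgr"),
        "outage_local": authenticate([DOWN, DOWN], True, LOCAL, "login", "alice", "local-op"),
        "outage_no_fallback": authenticate([DOWN], False, LOCAL, "login", "alice", "local-op"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

During a server outage the local passwords become the only credential protecting the switch, so they need the same strength and rotation as the remote ones.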
Terminology Used in TACACS Applications:
■ NAS (Network Access Server): This is an industry term for a 
TACACS-aware device that communicates with a TACACS server for 
authentication services. Some other terms you may see in literature 
describing TACACS operation are communication server, remote 
access server, or terminal server. These terms apply to a switch when 
TACACS+ is enabled on the switch (that is, when the switch is 
TACACS-aware).   
■ TACACS+ Server: The server or management station configured as 
an access control server for TACACS-enabled devices. To use 
TACACS+ with a switch covered in this guide and any other 
TACACS-capable devices in your network, you must purchase, install, 
and configure a TACACS+ server application on a networked server or 
management station in the network. The TACACS+ server application 
you install will provide various options for access control and access 
notifications. For more on the TACACS+ services available to you, 
see the documentation provided with the TACACS+ server application 
you will use. 
■ Authentication: The process for granting user access to a device 
through entry of a user name and password and comparison of this 
username/password pair with previously stored username/password 
data. Authentication also grants levels of access, depending on the 
privileges assigned to a user name and password pair by a system 
administrator.