authentication, authorization and accounting (AAA) services. Compared to the open standard RADIUS
authentication (section 6.12 Radius), TACACS+ encrypts the entire payload whereas RADIUS only encrypts
passwords.
Item Description
Global Cong Global parameters that can be overwritten by port-specic conguration.
Server
timeout
The global timeout interval determines how long the switch waits for responses from
TACACS+ servers before declaring a timeout failure.
Server retry
count
Species the number of retry attempts that will be made to establish a Transmission
Control Protocol (TCP) connection between a TACACS+ client and the TACACS+ server. The
default value is 3.
Conversation /
Connect
This parameter denes how many connections there will be between router daemon.
Only: “single-connection”
The daemon must support single-connection mode for this to be eective; otherwise, the
connection between the network access server and the daemon will lock up or you will
receive spurious errors.
Key type 0: Key value in clear text format
7: Key value is type-7 encrypted.
Key Type in the key value.
Item Description
Port Cong Global parameters that can be overwritten by port-specic conguration.
Server IP IP Address for the TACSACS+ server.
Authentication port Dene the TCP port number of the TACSACS+ server connection.
Server timeout The timeout interval determines how long the switch waits for responses from a
specic TACACS+ server before declaring a timeout failure. If left empty, the global
server timeout value will be used; otherwise, the server timeout takes precedence.
Key type 0: Key value in clear text format
7: Key value is type-7 encrypted.
Key Key value.