Chapter 14 Sys Screens
Management Switch Card User’s Guide
577
TACACS+ (Terminal Access Controller Access-Control System Plus) as external authentication,
authorization and accounting servers.
Figure 397 AAA Server
14.10.1 Local User Accounts
By storing user profiles locally on the system, your system is able to authenticate and authorize
users without interacting with a network authentication server. However, there is a limit on the
number of users you may authenticate in this way.
14.10.2 RADIUS and TACACS+
RADIUS and TACACS+ are security protocols used to authenticate users by means of an external
server instead of (or in addition to) an internal device user database that is limited to the memory
capacity of the device. In essence, RADIUS and TACACS+ authentication both allow you to validate
an unlimited number of users from a central location.
The following table describes some key differences between RADIUS and TACACS+.
14.10.3 Authentication and Accounting Setup
Click Sys > AAA to display the following screen. Use this screen to configure authentication and
accounting settings.
To enable authentication, first, configure your authentication server settings (RADIUS, TACACS+ or
both) and then set up the authentication priority, authorization, and accounting settings.
Table 310 RADIUS vs. TACACS+
RADIUS TACACS+
Transport Protocol UDP (User Datagram Protocol) TCP (Transmission Control Protocol)
Encryption Encrypts the password sent for
authentication.
All communication between the client (the MSC)
and the TACACS server is encrypted.
To Next Page
Loading...
