Security configuration guide, cisco ios xe fuji 16.9.x (catalyst 9300 switches) – configuring tacacs [support] – cisco


TACACS+ is a security application that provides centralized validation of users attempting to gain access to your switch.

TACACS+ provides for separate and modular authentication, authorization, and accounting facilities. TACACS+ allows for a single access control server (the TACACS+ daemon) to provide each service—authentication, authorization, and accounting—independently. Each service can be tied into its own database to take advantage of other services available on that server or on the network, depending on the capabilities of the daemon.

The goal of TACACS+ is to provide a method for managing multiple network access points from a single management service. Your switch can be a network access server along with other Cisco routers and access servers.

Figure 1. Typical TACACS+ Network Configuration

TACACS+, administered through the AAA security services, can provide these services:

  • Authentication—Provides complete control of authentication through login and password dialog, challenge and response, and messaging support.

    The authentication facility can conduct a dialog with the user (for example, after a username and password are provided, to challenge a user with several questions, such as home address, mother’s maiden name, service type, and social security number). The TACACS+ authentication service can also send messages to user screens. For example, a message could notify users that their passwords must be changed because of the company’s password aging policy.

  • Authorization—Provides fine-grained control over user capabilities for the duration of the user’s session, including but not limited to setting autocommands, access control, session duration, or protocol support. You can also enforce restrictions on what commands a user can execute with the TACACS+ authorization feature.

  • Accounting—Collects and sends information used for billing, auditing, and reporting to the TACACS+ daemon. Network managers can use the accounting facility to track user activity for a security audit or to provide information for user billing. Accounting records include user identities, start and stop times, executed commands (such as PPP), number of packets, and number of bytes.


The TACACS+ protocol provides authentication between the switch and the TACACS+ daemon, and it ensures confidentiality because all protocol exchanges between the switch and the TACACS+ daemon are encrypted.
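The protected exchange described above, as an added example that is not part of this Cisco guide: a Python implementation of the TACACS+ packet header and the body protection specified in RFC 8907, a chained MD5 pseudo-pad derived from the shared key and XORed over the body. The shared key, session ID, username, port and remote address are constructed sample values; the parser also reports the TAC_PLUS_UNENCRYPTED_FLAG, which a defender can check to catch a client or server sending bodies in cleartext.

```python
import hashlib
import struct

# 12-byte TACACS+ header (RFC 8907 section 4.1): version, type, seq_no, flags, session_id, length.
HEADER = struct.Struct("!BBBBII")
TAC_PLUS_UNENCRYPTED_FLAG = 0x01
PACKET_TYPES = {1: "authentication", 2: "authorization", 3: "accounting"}
KEY = b"constructed-shared-secret"  # constructed sample values, not from any real deployment
SESSION_ID = 0x1A2B3C4D


def pseudo_pad(session_id, key, version, seq_no, length):
    """Keystream protecting the body: chained MD5 over session_id, key, version, seq_no."""
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(prefix + block).digest()
        pad += block
    return pad[:length]


def obfuscate(body, session_id, key, version, seq_no):
    """XOR with the pad; the same call both hides a cleartext body and recovers it."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(a ^ b for a, b in zip(body, pad))


def authen_start_body(user, port, rem_addr, priv_lvl=1):
    """Authentication START body (RFC 8907 section 5.1): ASCII login, empty data field."""
    fields = [user.encode(), port.encode(), rem_addr.encode(), b""]
    fixed = bytes([1, priv_lvl, 1, 1] + [len(f) for f in fields])  # action LOGIN, type ASCII, service LOGIN
    return fixed + b"".join(fields)


def build_packet(ptype, seq_no, body, key=KEY, session_id=SESSION_ID, flags=0, version=0xC0):
    """Header plus body; the body stays in cleartext only when the UNENCRYPTED flag is set."""
    header = HEADER.pack(version, ptype, seq_no, flags, session_id, len(body))
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        return header + body
    return header + obfuscate(body, session_id, key, version, seq_no)


def parse_packet(packet, key=KEY):
    """Validate the header and return the decoded fields; flags a body that was sent in cleartext."""
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(packet)
    body = packet[HEADER.size:]
    if len(body) != length:
        raise ValueError("body length does not match header")
    cleartext = bool(flags & TAC_PLUS_UNENCRYPTED_FLAG)
    if not cleartext:
        body = obfuscate(body, session_id, key, version, seq_no)
    return {"type": PACKET_TYPES.get(ptype, "unknown"), "seq_no": seq_no,
            "session_id": session_id, "cleartext": cleartext, "body": body}
```

RFC 8907 describes this mechanism as obfuscation rather than encryption, and the confidentiality of the body rests entirely on the secrecy and strength of the shared key configured on the switch and the daemon.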
