
TACACS+ Authentication
Terminology Used in TACACS Applications:
TACACS+ server for authentication services. If the switch fails to connect to
any TACACS+ server, it defaults to its own locally assigned passwords for
authentication control if it has been configured to do so. For both Console
and Telnet access you can configure a login (read-only) and an enable
(read/write) privilege level access.
TACACS+ does not affect web browser interface access. See “Controlling Web
Browser Interface Access” on page 4-27.
Terminology Used in TACACS Applications:
■ NAS (Network Access Server): This is an industry term for a
TACACS-aware device that communicates with a TACACS server for authentication
services. Some other terms you may see in literature describing TACACS
operation are communication server, remote access server, or terminal
server. These terms apply to a switch when TACACS+ is enabled on the
switch (that is, when the switch is TACACS-aware).
■ TACACS+ Server: The server or management station configured as an
access control server for TACACS-enabled devices. To use TACACS+ with
a switch covered in this guide and any other TACACS-capable devices in
your network, you must purchase, install, and configure a TACACS+
server application on a networked server or management station in the
network. The TACACS+ server application you install will provide various
options for access control and access notifications. For more on the
TACACS+ services available to you, see the documentation provided with
the TACACS+ server application you will use.
■ Authentication: The process for granting user access to a device through
entry of a user name and password and comparison of this
username/password pair with previously stored username/password data.
Authentication also grants levels of access, depending on the privileges assigned
to a user name and password pair by a system administrator.
• Local Authentication: This method uses username/password
pairs configured locally on the switch; one pair each for
manager-level and operator-level access to the switch. You can assign local
usernames and passwords through the CLI or web browser interface.
(Using the menu interface you can assign a local password,
but not a username.) Because this method assigns passwords to
the switch instead of to individuals who access the switch, you
must distribute the password information on each switch to