Central Site Remote Access Switch 219CONFIGURING O FF - NODE S ERVER I NFORMATIONTACACS Authentication ServerU SING M ANAGE M ODE C OMMANDStacacsDisplays the current TACACS off-node server configuration data.tacacs changeAllows you to change the current TACACS off-node server configuration data. After enteringthetacacs change command, you will be prompted for the configuration elements youwant to change.TACACS A UTHENTICATION SERVER CONFIGURATION ELEMENTSIP A DDRESSThe IP address in dotted decimal notation for the TACACS Server.UDP P ORT N UMBERThe UDP port number used by the TACACS Server. The default value of 49 is almost always used.N UMBER OF A CCESS R EQUEST R ETRIESThe number of Access Request Retries that the system will send to the TACACS Server. The initialdefault value is 3. The acceptable range is from 0 to 32,767.TIME BETWEEN A CCESS R EQUEST R ETRIESThe time between Access Request Retries sent from the system. The initial default value is 1 second.The acceptable range is from 1 to 10,000.TACACS PACKET FORMATThe TACACS format for device authentication. The default format is ID code, PIN.TACACS A UTHENTICATION SERVER BACKGROUND I NFORMATIONThe Terminal Access Controller Access Control System (TACACS) is a database supported by theCyberSWITCH. TACACS operates using two components: client code and server code. TACACSserver software is installed on a UNIX-based system connected to the CyberSWITCH network. Theclient protocols allow the system to communicate with the TACACS server, ultimatelyauthenticating devices.The following is a typical scenario if the TACACS Server is activated: with user level security, aremote user will Telnet into a specified system port for user authentication. The system, in turn, willsend an access request to the primary TACACS Server. After the configured time interval thesystem will send an access request retry if the primary server does not respond. After theconfigured number of retries, the system will request authentication information from thesecondary server if one is configured. The connection will be released if neither server responds tothe access requests.Note: For user level security, the CyberSWITCH’s default Telnet port number is 7000, not thenormal default (23).