1164 PowerConnect B-Series FCX Configuration Guide 53-1002266-01
Configuring TACACS/TACACS+ security 32

NOTE
You cannot authenticate Brocade Network Advisor (SNMP) access to a Dell PowerConnect device using TACACS/TACACS+.

The TACACS and TACACS+ protocols define how authentication, authorization, and accounting information is sent between a Dell PowerConnect device and an authentication database on a TACACS/TACACS+ server. TACACS/TACACS+ services are maintained in a database, typically on a UNIX workstation or PC with a TACACS/TACACS+ server running.

How TACACS+ differs from TACACS

TACACS is a simple UDP-based access control protocol originally developed by BBN for MILNET. TACACS+ is an enhancement to TACACS and uses TCP to ensure reliable delivery.

TACACS+ is an enhancement to the TACACS security protocol. TACACS+ improves on TACACS by separating the functions of authentication, authorization, and accounting (AAA) and by encrypting all traffic between the Dell PowerConnect device and the TACACS+ server. TACACS+ allows for arbitrary length and content authentication exchanges, which allow any authentication mechanism to be utilized with the Dell PowerConnect device. TACACS+ is extensible to provide for site customization and future development features. The protocol allows the Dell PowerConnect device to request very precise access control and allows the TACACS+ server to respond to each component of that request.

NOTE
TACACS+ provides for authentication, authorization, and accounting, but an implementation or configuration is not required to employ all three.

TACACS/TACACS+ authentication, authorization, and accounting

When you configure a Dell PowerConnect device to use a TACACS/TACACS+ server for authentication, the device prompts users who are trying to access the CLI for a user name and password, then verifies the password with the TACACS/TACACS+ server.

If you are using TACACS+, Dell recommends that you also configure authorization, in which the Dell PowerConnect device consults a TACACS+ server to determine which management privilege level (and which associated set of commands) an authenticated user is allowed to use. You can also optionally configure accounting, which causes the device to log information on the TACACS+ server when specified events occur on the device.

NOTE
By default, a user logging into the device from Telnet or SSH would first enter the User EXEC level. The user can enter the enable command to get to the Privileged EXEC level.

A user that is successfully authenticated can be automatically placed at the Privileged EXEC level after login. Refer to “Entering privileged EXEC mode after a Telnet or SSH login” on page 1174.
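
Added example, not taken from the Dell guide: a Python illustration of the two TACACS+ properties described under "How TACACS+ differs from TACACS", following the packet format in RFC 8907. The one-byte type field in the header keeps authentication, authorization, and accounting as separate exchanges, and the packet body (not the header) is protected by XOR with an MD5-derived pad keyed on the shared secret, which RFC 8907 calls data obfuscation. The key, session ID, and body bytes are constructed sample values.

```python
import hashlib
import struct

# RFC 8907 packet types: each AAA function is its own kind of exchange.
TYPES = {1: "authentication", 2: "authorization", 3: "accounting"}
FLAG_UNENCRYPTED = 0x01  # TAC_PLUS_UNENCRYPTED_FLAG: body is cleartext
HEADER = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, length


def pseudo_pad(length, session_id, key, version, seq_no):
    """MD5 chain from RFC 8907 (data obfuscation), truncated to the body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def obfuscate(body, session_id, key, version, seq_no):
    """XOR the body with the pad; applying it twice restores the input."""
    pad = pseudo_pad(len(body), session_id, key, version, seq_no)
    return bytes(b ^ p for b, p in zip(body, pad))


def build_packet(ptype, seq_no, session_id, body, key, version=0xC0):
    header = HEADER.pack(version, ptype, seq_no, 0, session_id, len(body))
    return header + obfuscate(body, session_id, key, version, seq_no)


def parse_packet(packet, key):
    """Return (AAA function, cleartext body); the 12-byte header is never hidden."""
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack(packet[:12])
    if ptype not in TYPES:
        raise ValueError("unknown TACACS+ packet type")
    body = packet[12:12 + length]
    if len(body) != length:
        raise ValueError("truncated body")
    if not flags & FLAG_UNENCRYPTED:
        body = obfuscate(body, session_id, key, version, seq_no)
    return TYPES[ptype], body


if __name__ == "__main__":
    key = b"constructed-shared-key"       # sample value, not a real secret
    body = b"constructed body bytes"      # placeholder, not a real START body
    pkt = build_packet(2, 1, 0x1234ABCD, body, key)
    print(parse_packet(pkt, key))         # correct key recovers the body
    print(parse_packet(pkt, b"wrong"))    # wrong key yields unreadable bytes
```

Because the header travels in cleartext, a capture always shows which AAA function and session a packet belongs to; only the body depends on the shared key configured on both the device and the server.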