Tacacs+ Overview - Cisco GSS-4492R-K9 Administration Manual

Cisco Global Site Selector Administration Guide (OL-10410-01)
Chapter 4: Managing GSS User Accounts Through a TACACS+ Server

TACACS+ Overview

TACACS+ (Terminal Access Controller Access-Control System Plus) is a security
protocol that provides centralized validation of users who are attempting to
gain access to the GSS. The user and policy information that TACACS+ serves
is maintained in a database on a TACACS+ security daemon running on a UNIX or
Windows NT/Windows 2000 server.
TACACS+ provides separate authentication, authorization, and accounting (AAA)
facilities between a GSS and the TACACS+ server. You can configure more than
one access control server (each running the TACACS+ security daemon) so that
the AAA services remain available if one server is unreachable. The Cisco
Secure Access Control Server (ACS) is an example of an AAA access control
server.
TACACS+ uses TCP (port 49) as its transport protocol for reliable delivery.
Optionally, you can configure the same shared secret (key) on the GSS and on
the TACACS+ server. When a key is configured, the body of every TACACS+ packet
exchanged between the GSS and the server is obfuscated by XORing it with an
MD5-derived pad keyed with that secret; the 12-byte packet header is always
sent in the clear. This is what the guide calls encrypting the traffic. It is
not an authenticated cipher, so treat the key as a hygiene measure rather than
a substitute for a trusted management path: set a long random key, and keep
the GSS-to-server traffic on a protected management network. Without a key,
usernames and passwords cross the network in cleartext.
When a user attempts to log in to a GSS device that is operating as a TACACS+
client, the GSS forwards the authentication request, containing the username
and password, to the TACACS+ server. The TACACS+ server checks the credentials
against its database and returns either a success or a failure response to
the GSS. Figure 4-1 shows a client GSS and a TACACS+ server configuration.
Figure 4-1 Simplified Example of Traffic Flow Between a GSS Client and a TACACS+ Server
[Figure 4-1: a client name server (D-proxy), GSS 1, and the TACACS+ server; GSS 1 and the TACACS+ server communicate using the TACACS+ protocol]
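The exchange described above, as an added example that is not part of the original guide and is not code from the GSS, from Cisco Secure ACS, or from any TACACS+ daemon: both ends of a single authentication START/REPLY exchange, framed and obfuscated as RFC 8907 specifies, run in memory with no network. The user database, the session ID, the port name `console`, and the shared secret are constructed for the example; the PAP authentication type is chosen as an assumption so the password fits in the START packet and the exchange is one round trip (the GSS's own login flow may use the interactive ASCII type, which adds a GETPASS/CONTINUE step). The last function demonstrates the point of the shared secret: with no key the password is visible verbatim in the packet as transmitted, and a parser that has a key configured refuses a packet whose body was sent in the clear.

```python
"""In-memory TACACS+ authentication exchange using RFC 8907 framing.
Added example; not code from the GSS or from any TACACS+ daemon."""
import hashlib
import hmac
import struct

# Header constants (RFC 8907 section 4.1). Version byte = major << 4 | minor.
TAC_PLUS_VERSION = 0xC0           # major 0xC, minor 0 (default)
TAC_PLUS_AUTHEN = 0x01            # packet type: authentication
TAC_PLUS_UNENCRYPTED_FLAG = 0x01  # body is sent in the clear
# Authentication START / REPLY constants (RFC 8907 section 5).
TAC_PLUS_AUTHEN_LOGIN = 0x01
TAC_PLUS_AUTHEN_TYPE_PAP = 0x02   # password travels in START.data (one round trip)
TAC_PLUS_AUTHEN_SVC_LOGIN = 0x01
TAC_PLUS_AUTHEN_STATUS_PASS = 0x01
TAC_PLUS_AUTHEN_STATUS_FAIL = 0x02

HEADER = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, length

# Constructed user database for the daemon side (sample data, not real credentials).
SAMPLE_USERS = {b"gssadmin": b"c0rrect-horse"}


def pseudo_pad(session_id, key, version, seq_no, length):
    """Keystream of RFC 8907 section 4.5: MD5(session_id|key|version|seq_no[|previous block])."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body, session_id, key, version, seq_no):
    """XOR the body with the pad; applying it twice restores the plaintext."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_packet(seq_no, session_id, body, key):
    """Prepend a header; obfuscate the body only when a shared secret is configured."""
    flags = 0
    if key:
        body = obfuscate(body, session_id, key, TAC_PLUS_VERSION, seq_no)
    else:
        flags |= TAC_PLUS_UNENCRYPTED_FLAG
    return HEADER.pack(TAC_PLUS_VERSION, TAC_PLUS_AUTHEN, seq_no, flags, session_id, len(body)) + body


def parse_packet(packet, key):
    """Return (seq_no, session_id, plaintext body). A cleartext body is refused when a
    key is configured, so a peer cannot downgrade the exchange by clearing the flag."""
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(packet)
    body = packet[HEADER.size:HEADER.size + length]
    if len(body) != length or ptype != TAC_PLUS_AUTHEN:
        raise ValueError("truncated packet or unexpected packet type")
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        if key:
            raise ValueError("cleartext body received but a shared secret is configured")
        return seq_no, session_id, body
    return seq_no, session_id, obfuscate(body, session_id, key, version, seq_no)


def authen_start_pap(user, password, port=b"console", priv_lvl=1):
    """Authentication START body (section 5.1): fixed bytes, then length-prefixed fields."""
    rem_addr = b""
    fixed = struct.pack("!8B", TAC_PLUS_AUTHEN_LOGIN, priv_lvl, TAC_PLUS_AUTHEN_TYPE_PAP,
                        TAC_PLUS_AUTHEN_SVC_LOGIN, len(user), len(port), len(rem_addr), len(password))
    return fixed + user + port + rem_addr + password


def parse_authen_start(body):
    """Split a START body, checking that the four length bytes account for the whole body."""
    _, _, authen_type, _, ulen, plen, rlen, dlen = struct.unpack_from("!8B", body)
    if 8 + ulen + plen + rlen + dlen != len(body):
        raise ValueError("START length fields do not match the body")
    return authen_type, body[8:8 + ulen], body[8 + ulen + plen + rlen:]


def server_handle_start(body, users=SAMPLE_USERS):
    """Daemon side: validate the credentials and build an authentication REPLY (section 5.2)."""
    authen_type, user, password = parse_authen_start(body)
    ok = (authen_type == TAC_PLUS_AUTHEN_TYPE_PAP and user in users
          and hmac.compare_digest(users[user], password))  # constant-time comparison
    status = TAC_PLUS_AUTHEN_STATUS_PASS if ok else TAC_PLUS_AUTHEN_STATUS_FAIL
    server_msg = b"" if ok else b"Authentication failed"
    return struct.pack("!BBHH", status, 0, len(server_msg), 0) + server_msg


def authenticate(user, password, key, session_id=0x1A2B3C4D):
    """Whole exchange: client START (seq 1) -> daemon REPLY (seq 2). Returns the status."""
    start = build_packet(1, session_id, authen_start_pap(user, password), key)
    seq_no, sid, start_body = parse_packet(start, key)            # daemon receives START
    reply = build_packet(seq_no + 1, sid, server_handle_start(start_body), key)
    _, _, reply_body = parse_packet(reply, key)                   # GSS receives REPLY
    return struct.unpack_from("!BBHH", reply_body)[0]


def password_visible_on_wire(user, password, key, session_id=0x1A2B3C4D):
    """True when the password bytes appear verbatim in the START packet as transmitted."""
    return password in build_packet(1, session_id, authen_start_pap(user, password), key)
```

Calling `authenticate(b"gssadmin", b"c0rrect-horse", b"shared-secret")` returns the PASS status and the same call with a wrong password or unknown user returns FAIL; `password_visible_on_wire` with an empty key returns True, which is the cleartext case the caveat above warns about. A real daemon would also enforce sequence numbers and session IDs across packets and close the TCP connection on any parse error rather than answer it.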