Cisco OL-4015-08 Specifications Page 109

Chapter 4 Managing GSS User Accounts Through a TACACS+ Server
Cisco Global Site Selector Administration Guide
OL-5480-01
TACACS+ Overview
The Terminal Access Controller Access Control System (TACACS+) protocol is
a security application that provides centralized validation of users who are
attempting to gain access to the GSS. TACACS+ services are maintained in a
relational database on a TACACS+ security daemon running on a UNIX or
Windows NT/Windows 2000 server.
TACACS+ provides for separate authentication, authorization, and accounting
(AAA) facilities between a GSS and the TACACS+ server. TACACS+ allows for
multiple access control servers (the TACACS+ security daemon) to provide the
AAA services. The Cisco Secure Access Control Server (ACS) is an example of
an AAA access control server.
TACACS+ uses TCP as the transport protocol for reliable delivery. Optionally,
you can configure the GSS to encrypt all traffic transmitted between the GSS
device and the TACACS+ server using a shared secret.
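The shared-secret protection described above, sketched as an added example (not code from the Cisco guide or the GSS software). It follows the body obfuscation defined in RFC 8907: an MD5-derived pad is XORed over the packet body while the 12-byte header stays in cleartext, and a set unencrypted flag means the body, credentials included, crosses the network in the clear. The secret, session ID and body bytes are constructed sample values.

```python
import hashlib
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01  # RFC 8907 header flag: body sent in the clear
HEADER = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, length


def pseudo_pad(session_id, key, version, seq_no, length):
    """Chained-MD5 pad from RFC 8907, truncated to the body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()  # each block chains the previous one
        pad += block
    return pad[:length]


def build_packet(body, key, session_id, seq_no=1, version=0xC0, ptype=0x01):
    """Return header + body; the body is obfuscated only when a key is supplied."""
    flags = 0 if key else TAC_PLUS_UNENCRYPTED_FLAG
    if key:
        pad = pseudo_pad(session_id, key, version, seq_no, len(body))
        body = bytes(b ^ p for b, p in zip(body, pad))
    return HEADER.pack(version, ptype, seq_no, flags, session_id, len(body)) + body


def read_packet(packet, key):
    """Parse a packet; return (is_protected, cleartext_body)."""
    version, _ptype, seq_no, flags, session_id, length = HEADER.unpack_from(packet)
    body = packet[HEADER.size:HEADER.size + length]
    if len(body) != length:
        raise ValueError("truncated TACACS+ body")
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        return False, body  # no shared secret in use: body is readable on the wire
    pad = pseudo_pad(session_id, key, version, seq_no, length)
    return True, bytes(b ^ p for b, p in zip(body, pad))


if __name__ == "__main__":
    # Constructed sample values; not a real TACACS+ message body or secret.
    body = b"user=gssadmin"
    secret = b"example-shared-secret"
    for key in (secret, b""):
        pkt = build_packet(body, key, session_id=0x1A2B3C4D)
        protected, clear = read_packet(pkt, key)
        print(f"protected={protected} wire_body={pkt[HEADER.size:]!r} clear={clear!r}")
```

Checking the flags byte (offset 3 of the header) in a capture between the GSS and the TACACS+ server is a quick way to confirm that the shared secret is actually configured on both ends.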
When a user attempts to access a GSS device that is operating as a TACACS+
client, the GSS forwards the user authentication request (containing the
username and password) to the TACACS+ server. The TACACS+ server returns either
a success or failure response depending on the information in the server's database.
Figure 4-1 illustrates a client GSS and a TACACS+ server configuration.
Figure 4-1 Simplified Example of Traffic Flow Between a GSS Client and a TACACS+ Server
[Figure labels: Client, Client Name Server (D-Proxy), GSS 1, TACACS+ Protocol, TACACS+ Server]