TACACS+ is a protocol which provides access control for routers, network access servers and other networked computing devices via one or more centralized servers.
An industry Leader in access solutions for data telecommunications applications.
Salient Product Features
TACACS+ is based on AAA model:
- Authentication - The action of determining who a user is.
- Authorization - The action of determining what a user is allowed to do. It can be used to customize the service for the particular user.
- Accounting - The action of recording what a user is doing, and/or has done.
- TACACS+ generic software application was provided as an OS module to the client, including functionality and CLI commands.
- The TACACS+ client module supportssingle session on a single TCP connection.
- The TACACS+ client module returns to the calling application all possible failure reasons.
- The TACACS+ client module supports for showing debugging information if needed.
- The application supports a maximum of 5 servers.
The TACACS+ remote access environment has three major components:
- Access client
- TACACS+ client
- TACACS+ server
The access client is an entity which seeks the services offered by the network. TACACS+ client running on the device, process the requests from the access
client and pass this data to TACACS+ server for authentication. The TACACS+ server should authenticate the request, and should authorize services over the
connection. The TACACS+ server does this by matching data from the TACACS+ client`s request with entries in a trusted database.
The AAA security model, upon which TACACS+ protocol is based, states an exact distinction between the three functionalities of network user access:
Authentication, Authorization and Accounting. The activation of each of these three functionalities can be configured independently on the TACACS+ client.
TACACS+ server decides whether to accept or reject the user's authentication or authorization. Based on this response from the TACACS+ server, the TACACS+
client should decide whether to establish the user's connection or terminate the user's connection attempt.
The TACACS+ client also sends accounting data to the TACACS+ server to record in a trusted database.
Key Customer Value
In some networking infrastructure TACACS+ can be used as the AAA method. By supporting TACACS+ also in their product along with RADIUS the customer was
able find more market for their product.