What does TACACS+ stand for?
Terminal Access Control Access Control Server
What does RADIUS stand for?
Remote Authentication Dial-In User Service
What are some key differences between the way TACACS+ and RADIUS operate in regard to AAA?
TACACS separates all AAA functions into different elements. Radius combines authentication and authorization together.
TACACS is Cisco proprietary, RADIUS is an open standard
TACACS operates over Layer 4 via TCP, RADIUS uses UDP
TACACS encrypts all packets between the ACS server and router. RADIUS only encrypts passwords.
TACACS has granular control over command authorization (which commands can be executed). RADIUS does not.
TACACS has basic accounting support, RADIUS has more extensive accounting capability.
When setting up AAA via an ACS server, what step should you always to do avoid getting locked out of a router?
Be sure to always configure a local user in case the ACS server becomes unreachable or is not yet configured.
(config)# username admin privilege 15 secret cisco
What command would tell a router to check an ACS server for authentication before trying the local database?
(config)# aaa authentication login AUTH_via_tacacs group tacacs+ local
- (AUTH_via_tacacs is the method list name)
- "group" indicates that authentication will try tacacs first, then the local database.
What command configures a router to authentication / authorize with an ACS server?
(config)# tacacs-server host 192.168.1.251 key password123
What is the maximum amount of ways a user can be authenticated using method list?
What command must be issued on a router before any ACS functions can be used?
(confg)# aaa new-model