Configuration Guide Vol. 1


10.2.1 Introduction to RADIUS/TACACS+

RADIUS (Remote Authentication Dial In User Service) and TACACS+ (Terminal Access Controller Access Control System Plus) are protocols that provide authentication, authorization, and accounting for a NAS (Network Access Server). A NAS is a device, such as a remote access server or router, that acts as a RADIUS or TACACS+ client. A NAS device requests services such as user authentication, command authorization, and accounting from the configured RADIUS or TACACS+ server. The server responds to service requests based on the data in its management information database. The Switch supports NAS functionality.

When RADIUS or TACACS+ is implemented, authentication information such as user passwords used by the NAS devices, command authorization information, and accounting information can be centrally managed by one RADIUS or TACACS+ server. The Switch can request authentication, authorization, and accounting services from a RADIUS or TACACS+ server.

The following figure shows the flow of RADIUS or TACACS+ authentication.

Figure 10-8 Flow of RADIUS/TACACS+ authentication

[Figure Data]