What Is TACACS / XTACACS / TACACS+ (Terminal Access Controller Access Control System)? – POFTUT

Terminal Access Controller Access Control System, or TACACS, is a protocol used for AAA (Authentication, Authorization, and Audit). TACACS was created in 1984. It is heavily used by Cisco, which created extended versions of TACACS named XTACACS and TACACS+. TACACS was defined in IETF RFC 927 in 1984 and then updated by RFC 1492 in 1993.

AAA (Authentication, Authorization, Audit)

TACACS is a complete protocol designed and updated to meet the IT world's AAA (Authentication, Authorization, and Audit) needs. Let's look at what AAA means.

  • Authentication is the process of verifying whether a given identity is genuine. For example, when signing in to a web page we provide a user name and password in order to authenticate ourselves. A username and password are the usual inputs, but a private key, a dongle, or similar things can also be used for authentication.
  • Authorization is the process of granting rights to the authenticated user. Generally, roles are assigned to the given identity to determine what it can do. For example, if we authenticate as a user that has the Administrator role, granting the Administrator rights to that user is Authorization.
  • Audit is recording logs of the actions of users and roles. These logs are very useful for auditing and analyzing the actions later for different purposes such as incidents, compliance, etc.

TACACS

TACACS is a protocol provided by a server service. The TACACS server handles all AAA-related requests and responds to them. TACACS uses TCP port 49 on the server by default, but this can be changed as needed. UDP port 49 is also used for TACACS, depending on the situation.

XTACACS

XTACACS is Extended TACACS, which provides many more features than the TACACS protocol. The most visible difference between TACACS and XTACACS is that authentication, authorization, and audit are separate processes. As a result, authentication, authorization, and audit can be handled by different XTACACS servers.

TACACS+

TACACS+ is a completely new protocol that differs from TACACS and XTACACS and is not compatible with them. TACACS+ is a Cisco-designed extension to TACACS which adds encryption and granular command control.

TACACS Server

As TACACS is a protocol, a TACACS service can be provided by different types of systems. Cisco offers the ISE product, which provides AAA over several protocols and also supports TACACS and TACACS+. On Linux distributions, TACACS+ can be installed with the tac_plus package. Below there is a simple TACACS+ configuration which restricts commands for different user groups.

TACACS Server Configuration For Linux

TACACS vs TACACS+ vs RADIUS

TACACS is a very old protocol that does not provide the features today's needs call for. TACACS+, designed by Cisco, provides useful and up-to-date features for today's AAA. RADIUS also provides functions similar to TACACS+ and is popular in IT too.

Cisco TACACS Configuration

As Cisco is the creator of the TACACS+ protocol, we will configure a Cisco device such as a switch or router to use a TACACS+ server. Below we will set the TACACS+ server IP address, or the hostname if hostnames can be resolved via DNS.

In the following line, we will configure a key which will be used for authentication and encryption of the communication with the TACACS+ server.

Now we can configure a new aaa for the Cisco device and set the TACACS+ server and key.
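What the shared key from the steps above does on the wire, and what the "encryption" in the TACACS+ section amounts to, as an added Python example (not code from the original article or from Cisco). It follows the data obfuscation scheme documented in RFC 8907: the 12-byte header stays readable and the body is XORed with a pad of chained MD5 digests. The key, session id and body are constructed sample values.

```python
import hashlib
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01   # header flag: body is sent in cleartext
HEADER = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, length


def pseudo_pad(session_id: bytes, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """Chain MD5 digests until the pad covers `length` bytes (RFC 8907 obfuscation)."""
    seed = session_id + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()  # MD5_n = MD5(seed + MD5_(n-1))
        pad += prev
    return pad[:length]


def xor_body(header: bytes, body: bytes, key: bytes) -> bytes:
    """Obfuscate or de-obfuscate a body; XOR with the pad is its own inverse."""
    version, _type, seq_no, _flags, _sid, _length = HEADER.unpack(header)
    pad = pseudo_pad(header[4:8], key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def audit_packet(packet: bytes) -> dict:
    """Parse the cleartext header and report whether the body is unprotected."""
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack(packet[:12])
    return {
        "major_version": version >> 4,
        "type": ptype,
        "seq_no": seq_no,
        "session_id": session_id,
        "length_ok": length == len(packet) - 12,
        "cleartext_body": bool(flags & TAC_PLUS_UNENCRYPTED_FLAG),
    }


# Constructed sample values, not taken from a real device or capture.
KEY = b"constructed-shared-key"
BODY = b"constructed body: user=netops cmd=show running-config"
HDR = HEADER.pack(0xC0, 0x02, 1, 0x00, 0x1A2B3C4D, len(BODY))
WIRE = HDR + xor_body(HDR, BODY, KEY)
HDR_CLEAR = HEADER.pack(0xC0, 0x02, 1, TAC_PLUS_UNENCRYPTED_FLAG, 0x1A2B3C4D, len(BODY))

if __name__ == "__main__":
    print(audit_packet(WIRE))               # obfuscated body
    print(audit_packet(HDR_CLEAR + BODY))   # flag set: body readable on the wire
    print(xor_body(HDR, WIRE[12:], KEY))    # the same key recovers the body
```

Because the pad depends only on header fields and the shared key, the confidentiality of every session rests on that key, and `audit_packet` can be run over captured TCP port 49 payloads to find devices that send bodies with the unencrypted flag set.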
