Controlling WMIC Access with TACACS+; Understanding TACACS+ - Cisco C3201FESMIC-TP= - 3201 Fast EN Switch Mobile Interface Card Expansion Module Software Configuration Manual

Controlling WMIC Access with TACACS+

This section describes how to control administrator access to the WMIC using Terminal Access
Controller Access Control System Plus (TACACS+).
TACACS+ provides detailed accounting information and flexible administrative control over
authentication and authorization processes. TACACS+ is facilitated through AAA and can be enabled
only through AAA commands.
Note: For complete syntax and usage information for the commands used in this section, see the Cisco IOS
Security Command Reference for Release 12.2.

Understanding TACACS+

TACACS+ is a security application that provides centralized validation of users attempting to gain access
to your bridge. Unlike RADIUS, TACACS+ does not authenticate non-root bridges that are associated
to the root device.
TACACS+ services are maintained in a database on a TACACS+ daemon, which typically runs
on a UNIX or Windows NT workstation. You should have access to a TACACS+ server and configure it
before you configure TACACS+ features on your WMIC.
TACACS+ provides for separate and modular authentication, authorization, and accounting facilities.
TACACS+ allows for a single access control server (the TACACS+ daemon) to provide each
service—authentication, authorization, or accounting—independently. Each service can be tied into its
own database to take advantage of other services available on that server or on the network, depending
on the capabilities of the daemon.
Administered through the AAA security services, TACACS+ can provide these services:
- Authentication—Provides complete control of authentication of administrators through login and
  password dialog, challenge and response, and messaging support.
  The authentication facility can conduct a dialog with the administrator (for example, after a
  username and password are provided, to challenge a user with several questions, such as home
  address, mother's maiden name, service type, and social security number). The TACACS+
  authentication service can also send messages to administrator screens. For example, a message
  could notify administrators that their passwords must be changed because of the company's
  password aging policy.
- Authorization—Provides "fine-grained" control over administrator capabilities for the duration of
  the administrator's session, including but not limited to setting autocommands, access control,
  session duration, or protocol support. You can also enforce restrictions on the commands that an
  administrator can execute with the TACACS+ authorization feature.
- Accounting—Collects and sends information used for billing, auditing, and reporting to the
  TACACS+ daemon. Network managers can use the accounting facility to track administrator activity
  for a security audit or to provide information for user billing. Accounting records include
  administrator identities, start and stop times, executed commands (such as PPP), number of packets,
  and number of bytes.
The TACACS+ protocol provides authentication between the WMIC and the TACACS+ daemon, and it
ensures confidentiality because all protocol exchanges between the WMIC and the TACACS+ daemon
are encrypted.
Your system must be running the TACACS+ daemon software to use TACACS+ on your WMIC.
Cisco 3200 Series Wireless MIC Software Configuration Guide
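The body protection behind the encrypted exchanges described above, as an added example that is not from the Cisco guide: it follows the MD5-based pad that RFC 8907 specifies for TACACS+ (the RFC calls it obfuscation) and shows that the 12-byte header stays readable without the key. The key, session ID, and body are constructed sample values.

```python
import hashlib
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01  # RFC 8907: body is sent in cleartext when set
HEADER = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, length


def pseudo_pad(session_id, key, version, seq_no, length):
    """Build the MD5-chained pad: MD5_1 = MD5(session_id, key, version, seq_no),
    MD5_n = MD5(session_id, key, version, seq_no, MD5_{n-1})."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def transform_body(header, body, key):
    """XOR the body with the pad. The same call obfuscates and de-obfuscates."""
    version, _type, seq_no, flags, session_id, length = HEADER.unpack(header)
    if length != len(body):
        raise ValueError("header length field does not match body size")
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        return body  # cleartext body; worth alerting on outside a test lab
    pad = pseudo_pad(session_id, key, version, seq_no, length)
    return bytes(b ^ p for b, p in zip(body, pad))


def describe(header):
    """Fields any on-path observer can read, whatever the key."""
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack(header)
    return {"type": ptype, "seq_no": seq_no, "session_id": session_id,
            "length": length,
            "cleartext_body": bool(flags & TAC_PLUS_UNENCRYPTED_FLAG)}


# Constructed sample: an authentication packet (type 0x01) with a made-up body.
SAMPLE_KEY = b"constructed-shared-secret"
SAMPLE_BODY = b"constructed body, longer than one 16-byte MD5 block"
SAMPLE_HEADER = HEADER.pack(0xC0, 0x01, 1, 0x00, 0x1234ABCD, len(SAMPLE_BODY))

if __name__ == "__main__":
    wire = transform_body(SAMPLE_HEADER, SAMPLE_BODY, SAMPLE_KEY)
    print(describe(SAMPLE_HEADER))
    print(transform_body(SAMPLE_HEADER, wire, SAMPLE_KEY) == SAMPLE_BODY)
```

Because the protection rests entirely on the shared key, use a long random key on the WMIC and the daemon and keep TACACS+ traffic on a management network.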
Administering the WMIC
