- Terminal Access Controller Access Control System
- Similar to RADIUS
- Used to be proprietary
- TCP 49
- AAA over a single channel
- Best for administrative services
To vs. Through
- RADIUS is best suited for end users gaining access to the network
- TACACS is best for providing AAA services to administrators who are managing devices
- Both can be used!
Command Authorization
- Commands can be authorized and accounted using TACACS
- Commands are grouped by job function
- We are going to create a command authorization list on our TACACS server
- This enables the administrators to isolate which commands are usable by which users.
- Privileges are assigned to groups
- Users are associated with groups to gain rights
- SAN / WAN / SEC teams can have different commands available; all will be accounted for
- Who granted the access to that?
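
A small model of the group-based command authorization and accounting described above, added here as an example; it is not from the original notes and is not any TACACS server's own policy syntax. The user names, command patterns and record fields are constructed assumptions, and the model also records denied requests.

```python
import re
from datetime import datetime, timezone

# Constructed policy. Group names are the teams from the notes; the command
# patterns and user names are assumptions made for this example.
GROUP_RULES = {
    "SAN": [("deny", r"show running-config\b.*"), ("permit", r"show\b.*"),
            ("permit", r"zone\b.*")],
    "WAN": [("permit", r"show\b.*"), ("permit", r"interface\b.*")],
    "SEC": [("permit", r"show\b.*"), ("permit", r"access-list\b.*")],
}
USER_GROUP = {"alice": "SAN", "bob": "WAN", "carol": "SEC"}
ACCOUNTING = []  # one record per request, permitted or denied


def authorize(user, command):
    """First matching rule in the user's group wins; no match means deny."""
    command = " ".join(command.split())  # collapse extra whitespace
    group = USER_GROUP.get(user)         # unknown users have no group
    decision = "deny"
    for action, pattern in GROUP_RULES.get(group, []):
        if re.fullmatch(pattern, command):
            decision = action
            break
    ACCOUNTING.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user, "group": group,
        "command": command, "decision": decision,
    })
    return decision == "permit"


if __name__ == "__main__":
    for user, cmd in [("alice", "show zoneset active"),
                      ("alice", "show running-config"),
                      ("carol", "access-list 101 deny ip any any"),
                      ("bob", "access-list 101 deny ip any any")]:
        print(user, cmd, "->", "permit" if authorize(user, cmd) else "deny")
    for record in ACCOUNTING:
        print(record)
```

Because rights hang off the group, moving a user to another team changes one entry in `USER_GROUP`, and the accounting trail still ties every command to the individual user.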