Cisco^® CCNA Exam Cram Notes :TACACS+ Server

VIII. Security Fundamentals

10. TACACS+ Server

TACACS+ is a security application that provides centralized validation of users attempting to gain access to a router or network access server. TACACS+ services are maintained in a database on a TACACS+ daemon running, typically, on a UNIX or Windows NT workstation. We must have access to and must configure a TACACS+ server before the configured TACACS+ features on a network access server are available. It provides for separate and modular authentication, authorization, and accounting facilities. TACACS+ allows for a single access control server (the TACACS+ daemon) to provide each service authentication, authorization, and accounting independently. Each service can be tied into its own database to take advantage of other services available on that server or on the network, depending on the capabilities of the daemon. The goal of TACACS+ is to provide a methodology for managing multiple network access points from a single management service. The Cisco family of access servers and routers and the Cisco IOS user interface (for both routers and access servers) can be network access servers.

Syntax: Router(config)#tacacs-server host <ip-address> key <keyname>

Ex: Router(config)#tacacs-server host 192.168.10.1 key cisco123

Features of TACACS+ Server

a. Granular control: TACACS+ uses the AAA architecture, which separates AAA. This allows separate authentication solutions that can still use TACACS+ for authorization and accounting. For example, with TACACS+, it is possible to use Kerberos authentication and TACACS+ authorization and accounting. TACACS+ is very commonly used for device administration.

b. TACACS+ encrypts the entire body of the packet but leaves a standard TACACS+ header.

c. TACACS+ is a Cisco proprietary protocol (later became an Open standard), and very widely supported by various vendors offering AAA servers. Note that RADIUS is an Open Standard and widely supported too.

d. TACACS+ uses TCP port (port #49) to communicate between the server and the client.

With respect to the given command "test aaa group tacacs+ admin Frisco123 legacy", the following are true:

• It enables you to verify that the ACS to router authentication component is working

• Frisco123 is the shared secret that has been configured on the ACS server

• It tests the reachability of ACS server

• TACACS+ is the group name

TACACS+ uses TCP and provides separate authentication, authorization and accounting services. Port used by TACACS+ is TCP 49. The RADIUS or TACACS+ protocol can provide a central authentication protocol to authenticate users, routers, switches or servers.

CCNA Cram Notes Contents

• I. Networking Fundamentals
  • 1. Explain role and function of network components
    • 1.1 TCP and UDP
    • 1.2 TCP and UDP Frames
    • 1.3 Next-generation firewalls and IPS
    • 1.4 Access points
    • 1.5 Endpoints
    • 1.6 Routers,Switches and Servers
    • 1.7 Controllers (Cisco DNA Center and WLC)
  • 2. Network topologies and Flow control
    • 2.1 Different Types of N/w Topologies
    • 2.2 Ethernet and CSMA/CD
    • 2.3 3 tier
    • 2.4 2 tier
    • 2.5 Spine-leaf
    • 2.6 Small office/home office (SOHO)
  • 3. Compare physical interface and cabling types
    • 3.1. Single-mode fiber, multimode fiber,copper
    • 3.2 Connections (Ethernet shared media and point-to-point)
    • 3.3 Concepts of POE
  • 4. IPv4 Addressing
    • 4.1 Subnetting (IP4)
    • 4.2 VLSM
    • 4.3 Examples on subnetting
  • 5. IPv6 addressing
  • 6. Cloud computing
  • 7. Describe wireless principles
    • 7.1 Nonoverlapping Wi-Fi channels
    • 7.2 SSID
    • 7.3 RF
    • 7.4 Encryption
• II. Cisco IOS
  • 1. Cisco Router Architecture
    • 1.1 Block Diagram
    • 1.2 Architectural Components of a Router
    • 1.3 Memory Details of a Typical Cisco Router
  • 2. Cisco Router (25xx series) and its interfaces
    • 2.1 Interfaces Explained
    • 2.2 Console Port Configuration
  • 3. Router modes of operation
  • 4. Frequently used copy commands
  • 5. Different types of router passwords
• III. Routing Technologies
  • 1. Routed and Routing Protocol
  • 2. Routing protocol types
  • 3. Static and Default route
  • 4. Floating static route
  • 5. Distance vector and link-state routing protocols
  • 6. Interior and Exterior routing protocols
  • 7. OSPFv2 for IPv4
• IV. LAN Switching Technologies
  • 1. Introduction to Cisco Switches
  • 2. Switching methods
  • 3. File systems available in Catalyst switches and their usage
  • 4. Switch configuration commands
  • 5. VLANs and VTP
  • 6. Spanning Tree Protocol
  • 7. CDP and LLDP
  • 8. EtherChannel Configuration
• V. WAN Technologies
  • 1. WAN Terms
  • 2. PPP and MLPPP
  • 3. PPPoE
  • 4. MPLS
  • 5. MetroEthernet
  • 6. DTE and DCE
  • 7. Different cable types
  • 8. Interface specifications
  • 9. QoS
• VI. Network Access
  • 1. Wireless Architecture and AP modes
  • 2. Physical infrastructure connections of WLAN components
  • 3. Configure the components of a wireless LAN access for client connectivity using GUI
• VII. IP connectivity and Services
  • 1. DNS
  • 2. DHCP
  • 3. NAT
  • 4. FHRP
  • 5. HSRP
  • 6. NTP
  • 7. Capabilities and function of TFTP/FTP in the network
  • 8. SNMPv2 and SNMPv3
  • 9. Show commands and other related commands
• VIII. Security Fundamentals
  • 1. Security Concepts
  • 2. Describe Security Program elements
  • 3. Security Password policies elements
  • 4. Layer2 security features
  • 5. IPv4 access-list
  • 6. IPv6 access-list
  • 7. IP SLA
  • 8. AAA
  • 9. RADIUS Server
  • 10. TACACS+ Server
  • 11. VPN
  • 12. Wireless Security Protocols
• IX. Automation and Programmability
  • 1. SDN
  • 2. Capability of configuration management mechanism
  • 3. Interpret JSON encoded data
  • 4. Characteristics of Rest-based APIs
  • 5. Cisco DNA center
  • 6. Diagnostic commands
• X. Appendix
  • 1. IEEE standards
  • 2. OSI and DoD Models
  • 3. RIPv1 and RIPv2
  • 4. OSPFv3 for Ipv6
  • 5. EIGRP for IPv4
  • 6. EIGRP for IPv6