TACACS+ Commands

OcNOS-SP : System Management Guide : System Management Command Reference : TACACS+ Commands

TACACS+ Commands

Terminal Access Controller Access-Control System Plus (TACACS+, usually pronounced like tack-axe) is an access control network protocol for network devices.

The differences between RADIUS and TACACS+ can be summarized as follows:

• RADIUS combines authentication and authorization in a user profile, while TACACS+ provides separate authentication.

• RADIUS encrypts only the password in the access-request packet sent from the client to the server. The remainder of the packet is unencrypted. TACACS+ encrypts the entire body of the packet but leaves a standard TACACS+ header.

• RADIUS uses UDP, while TACACS+ uses TCP.

• RADIUS is based on an open standard (RFC 2865). TACACS+ is proprietary to Cisco, although it is an open, publicly documented protocol (there is no RFC protocol specification for TACACS+).

Note: Only network administrators can execute these commands. For more, see the username command.

Note: The commands below are supported only on the “management” VRF.

This chapter contains these commands:

• clear tacacs-server counters

• debug tacacs+

• feature tacacs+

• show debug tacacs+

• show running-config tacacs+

• show tacacs-server

• tacacs-server login host

• tacacs-server login key

• tacacs-server login timeout

Last modified date: 10/19/2023