GarrettCom MNS-6K-SECURE 14.1.4 User Manual

MAGNUM 6K SWITCHES, MNS-6K USER GUIDE
 
is authentication where the user is verified against the network user database.  The second stage is 
authorization, where it is determined whether the user has operator access or manager privileges. 
 
TACACS+ Packet 
Packet encryption is supported and is a configurable option for the Magnum MNS-6K software.
When it is enabled, all authentication and authorization TACACS+ packets are encrypted and are
not readable by protocol capture and sniffing tools such as Ethereal. Packet data is
hashed using MD5 and a secret string shared between the Magnum 6K family of
switches and the TACACS+ server.
 
32 bits wide

Major Version (4 bits) | Minor Version (4 bits) | Packet type (8 bits) | Sequence no. | Flags
Session ID
Length

FIGURE 72 – TACACS packet format
 
• Major Version – The major TACACS+ version number.
• Minor version – The minor TACACS+ version number. This is intended to allow
  revisions to the TACACS+ protocol while maintaining backwards compatibility.
• Packet type – Possible values are
  TAC_PLUS_AUTHEN:= 0x01 (Authentication)
  TAC_PLUS_AUTHOR:= 0x02 (Authorization)
  TAC_PLUS_ACCT:= 0x03 (Accounting)
• Sequence number – The sequence number of the current packet for the current
  session
• Flags – This field contains various flags in the form of bitmaps. The flag values signify
  whether the packet is encrypted
• Session ID – The ID for this TACACS+ session
• Length – The total length of the TACACS+ packet body (not including the header)
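The following is an added example, not part of the GarrettCom manual: it parses the header fields listed above, reports whether the flags mark the body as cleartext, and applies the MD5-and-shared-secret body transform as RFC 8907 specifies it (assumed here to be what MNS-6K implements). The major version value, the flag constant, and the sample secret, session ID and body are taken from the RFC or constructed for illustration.

```python
import hashlib
import struct

# Constants as defined in RFC 8907; they are not listed on this manual page.
TAC_PLUS_MAJOR_VER = 0xC
TAC_PLUS_UNENCRYPTED_FLAG = 0x01
PACKET_TYPES = {0x01: "AUTHEN", 0x02: "AUTHOR", 0x03: "ACCT"}
HEADER = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, length


def parse_header(packet: bytes) -> dict:
    """Decode the 12-byte header and check it against the actual body size."""
    if len(packet) < HEADER.size:
        raise ValueError("truncated TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(packet)
    if version >> 4 != TAC_PLUS_MAJOR_VER:
        raise ValueError("unexpected major version")
    if ptype not in PACKET_TYPES:
        raise ValueError("unknown packet type")
    if length != len(packet) - HEADER.size:
        raise ValueError("length field does not match body size")
    return {"major": version >> 4, "minor": version & 0x0F, "version": version,
            "type": PACKET_TYPES[ptype], "seq_no": seq_no, "session_id": session_id,
            "length": length, "cleartext": bool(flags & TAC_PLUS_UNENCRYPTED_FLAG)}


def xor_body(hdr: dict, body: bytes, secret: bytes) -> bytes:
    """XOR the body with the MD5 pseudo-pad; the same call reverses it."""
    seed = (struct.pack("!I", hdr["session_id"]) + secret
            + bytes([hdr["version"], hdr["seq_no"]]))
    pad, block = b"", b""
    while len(pad) < len(body):
        block = hashlib.md5(seed + block).digest()  # each block chains the last
        pad += block
    return bytes(b ^ p for b, p in zip(body, pad))


def build_packet(body: bytes, secret: bytes, flags: int = 0) -> bytes:
    """Constructed sample sender: session ID and sequence number are made up."""
    hdr = {"version": 0xC0, "seq_no": 1, "session_id": 0x1A2B3C4D}
    if not flags & TAC_PLUS_UNENCRYPTED_FLAG:
        body = xor_body(hdr, body, secret)
    return HEADER.pack(0xC0, 0x01, 1, flags, 0x1A2B3C4D, len(body)) + body


if __name__ == "__main__":
    pkt = build_packet(b"constructed authentication body", b"example-secret")
    hdr = parse_header(pkt)
    print(hdr, xor_body(hdr, pkt[HEADER.size:], b"example-secret"))
```

A capture in which `cleartext` is true means the body crossed the network unprotected, which is the condition to look for when verifying that packet encryption is actually enabled between the switch and the TACACS+ server.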
 
Configuring TACACS+ 
CLI commands to configure TACACS+ are:

Syntax show tacplus <status|servers> - show status of TACACS or servers configured as TACACS+ servers