TACACS+ authentication overview

TACACS+ authentication occurs as follows:
  • User credentials are sent from the switch to TACACS+ server using the PAP or CHAP authentication protocol.

  • If a user is authenticated, their role is communicated to the switch as Administrator, Operator, or Auditor.

  • An unknown user or a user who entered an invalid password is identified as such to the switch, which then rejects user login.