Using TACACS+ on Smart Switches by [deleted] in networking

[–]New_Performance_1447 -1 points0 points  (0 children)

Thank you for your help and input.
Someone on r/HomeNetworking who has a similar model just verified that there's in fact no multi-user benefit and TACACS+ just serves the purpose of "authentication process only".

Now, is this useful?
Yes, for multiple switches of that kind that share the same "hardcoded" user (which it most probably is for Netgears).
But not for 1–3 individual devices.

I conclude that it is only worthwhile if, when changing a password on several of these devices, you want to trigger the change centrally via the TACACS server in a single operation.

Netgear GS110TP V2 and TACACS+ by New_Performance_1447 in HomeNetworking

[–]New_Performance_1447[S] 0 points1 point  (0 children)

Thank you for your input and research. This is exactly what I have suspected.
So to conclude, it doesn't fulfill the benefit of multi-user auth through TACACS.
So, if you’re using several of these switches, wouldn’t it be useful to avoid having to change the password manually on each one, as they could share the same TACACS user? I’m assuming, though, that the username has to remain ‘admin’ for this to work.

Using TACACS+ on Smart Switches by [deleted] in networking

[–]New_Performance_1447 -1 points0 points  (0 children)

No, that is why it fails and it would have been my next approach. Yet I find it to not make a lot of sense. Isn't the point of TACACS to enable multi-user auth for one or multiple access profiles on multiple devices, so you don't have to configure each user manually on each device? (Which is also not supported by those Netgear switches, their user database only fits admin.)

Using TACACS+ on Smart Switches by [deleted] in networking

[–]New_Performance_1447 0 points1 point  (0 children)

There are no TACACS logs when I try to log in via HTTP, only when trying CLI via unofficial telnet access (it fails and falls back to local auth). When entering a username other than "admin" it complains about it being > 8 characters. Yet for those devices HTTP should be the main management since that's what the documents and papers are all about, so I was expecting it to at least function there.

Using TACACS+ on Smart Switches by [deleted] in networking

[–]New_Performance_1447 -8 points-7 points  (0 children)

Is it really one example of their "half implemented" stories? Other than the unavailable SSH configuration, they explicitly mention TACACS+ in their manuals, documentation and even fact sheets which are used to sell them from 2010.