Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > TACACS or RADIUS-Help Please

Reply
Thread Tools

TACACS or RADIUS-Help Please

 
 
Trouble
Guest
Posts: n/a
 
      08-11-2006
Can someone tell me the pros and cons of both and which one they would
recommend an the reason.

Thanks,

 
Reply With Quote
 
 
 
 
www.BradReese.Com
Guest
Posts: n/a
 
      08-11-2006
You may wish to investigate -

An Analysis of the TACACS+ Protocol and its Implementations:

http://www.openwall.com/advisories/OW-001-tac_plus/

as well as

An Analysis of the RADIUS Authentication Protocol:

http://www.untruth.org/~josh/securit...dius-auth.html

Hope this helps.

Brad Reese
BradReese.Com - Cisco CraigsList Job Openings
http://www.bradreese.com/craigslist-networking-jobs.htm
1293 Hendersonville Road, Suite 17
Asheville, North Carolina USA 28803
USA & Canada: 877-549-2680
International: 828-277-7272
Fax: 775-254-3558
AIM: R2MGrant
BradReese.Com - Cisco Asset Recovery Directory
http://www.bradreese.com/cisco-wanted.htm

 
Reply With Quote
 
 
 
 
christian koch
Guest
Posts: n/a
 
      08-11-2006


RADIUS uses UDP.
RADIUS encrypts only the password in the access-request packet; less
secure.
RADIUS combines authentication and authorization.
RADIUS does not support ARA access, Net BIOS Frame Protocol Control
protocol, NASI, and X.25 PAD connections.
RADIUS does not allow users to control which commands can be executed
on a router.

TACACS+ offers multiprotocol support.
TACACS+ provides two ways to control the authorization of router
commands: on a per-user or per-group basis.
TACACS+ uses the AAA architecture, which separates authentication,
authorization, and accounting.
TACACS+ encrypts the entire body of the packet; more secure.
TACACS+ uses TCP.

 
Reply With Quote
 
christian koch
Guest
Posts: n/a
 
      08-11-2006

christian koch wrote:
> RADIUS uses UDP.
> RADIUS encrypts only the password in the access-request packet; less
> secure.
> RADIUS combines authentication and authorization.
> RADIUS does not support ARA access, Net BIOS Frame Protocol Control
> protocol, NASI, and X.25 PAD connections.
> RADIUS does not allow users to control which commands can be executed
> on a router.
>
> TACACS+ offers multiprotocol support.
> TACACS+ provides two ways to control the authorization of router
> commands: on a per-user or per-group basis.
> TACACS+ uses the AAA architecture, which separates authentication,
> authorization, and accounting.
> TACACS+ encrypts the entire body of the packet; more secure.
> TACACS+ uses TCP.

btw, IMO tacacs is a much wiser and securer implementation to use

 
Reply With Quote
 
Alan Strassberg
Guest
Posts: n/a
 
      08-13-2006
In article <(E-Mail Removed). com>,
Trouble <(E-Mail Removed)> wrote:
>Can someone tell me the pros and cons of both and which one they would
>recommend an the reason.


Are you a Cisco only shop and will be that way forever?
Are you only authenticating Cisco - no other things like
other vendor firewalls? Then a Cisco proprietary protocol
like TACACS may be for you. I tend to think of authentication
for all equipment so I'm standards oriented (RADIUS).

alan
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
PIX and TACACS+ Gary Cisco 1 10-21-2003 09:27 PM
Restricting User access to Router with TACACS Freeware Frank Beider Cisco 3 10-20-2003 04:39 AM
Re: Can SNMP requests be logged in tacacs+ accounting? Aaron Leonard Cisco 1 10-17-2003 05:30 PM
TACACS+ with my sql Manoj Kumar Reddy Cisco 0 10-16-2003 03:07 PM
tacacs+ snmp accouning Oliver Schlosser Cisco 1 07-07-2003 09:48 PM



Advertisments