TACACS or RADIUS-Help Please

Discussion in 'Cisco' started by Trouble, Aug 11, 2006.

  1. Trouble

    Trouble Guest

    Can someone tell me the pros and cons of both and which one they would
    recommend and the reason.

    Thanks,
    Trouble, Aug 11, 2006
    #1

  2. You may wish to investigate -

    An Analysis of the TACACS+ Protocol and its Implementations:

    http://www.openwall.com/advisories/OW-001-tac_plus/

    as well as

    An Analysis of the RADIUS Authentication Protocol:

    http://www.untruth.org/~josh/security/radius/radius-auth.html

    Hope this helps.

    Brad Reese
    BradReese.Com - Cisco CraigsList Job Openings
    http://www.bradreese.com/craigslist-networking-jobs.htm
    1293 Hendersonville Road, Suite 17
    Asheville, North Carolina USA 28803
    USA & Canada: 877-549-2680
    International: 828-277-7272
    Fax: 775-254-3558
    AIM: R2MGrant
    BradReese.Com - Cisco Asset Recovery Directory
    http://www.bradreese.com/cisco-wanted.htm
    www.BradReese.Com, Aug 11, 2006
    #2

  3. RADIUS uses UDP.
    RADIUS encrypts only the password in the access-request packet; less
    secure.
    RADIUS combines authentication and authorization.
    RADIUS does not support ARA access, Net BIOS Frame Protocol Control
    protocol, NASI, and X.25 PAD connections.
    RADIUS does not allow users to control which commands can be executed
    on a router.

    TACACS+ offers multiprotocol support.
    TACACS+ provides two ways to control the authorization of router
    commands: on a per-user or per-group basis.
    TACACS+ uses the AAA architecture, which separates authentication,
    authorization, and accounting.
    TACACS+ encrypts the entire body of the packet; more secure.
    TACACS+ uses TCP.
    christian koch, Aug 11, 2006
    #3
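An added example, not part of any poster's message, comparing what each protocol protects on the wire: RADIUS User-Password hiding as specified in RFC 2865 section 5.2 against TACACS+ body obfuscation as specified in RFC 8907 section 4.5. The usernames, passwords, keys and session values are constructed, and the function names are this example's own.

```python
import hashlib
import struct

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def radius_hide_password(password, secret, authenticator):
    """RFC 2865 5.2: only this attribute's value is hidden, 16 bytes at a time."""
    blocks = max(1, -(-len(password) // 16))
    padded = password.ljust(blocks * 16, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def radius_access_request(user, password, secret, authenticator, ident=1):
    hidden = radius_hide_password(password, secret, authenticator)
    attrs = b"".join(bytes([t, len(v) + 2]) + v for t, v in ((1, user), (2, hidden)))
    # Code 1 = Access-Request; header and User-Name (type 1) go out in the clear.
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def tacacs_obfuscate(body, key, session_id, version, seq_no):
    """RFC 8907 4.5: XOR the whole body with chained MD5 blocks; call again to reverse."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < len(body):
        block = hashlib.md5(seed + block).digest()
        pad += block
    return xor(body, pad)

def tacacs_start_body(user, password, port=b"tty0", rem_addr=b""):
    # Authentication START: action=LOGIN, priv_lvl=1, type=PAP, service=LOGIN, 4 lengths.
    fixed = bytes([1, 1, 2, 1, len(user), len(port), len(rem_addr), len(password)])
    return fixed + user + port + rem_addr + password

def tacacs_packet(body, key, session_id, version=0xC1, seq_no=1):
    # 12-byte header stays cleartext: version, type=1 (authen), seq_no, flags, id, length.
    header = struct.pack("!BBBBII", version, 1, seq_no, 0, session_id, len(body))
    return header + tacacs_obfuscate(body, key, session_id, version, seq_no)

def compare(user=b"alice", password=b"s3cret-pw", secret=b"shared-key"):  # constructed values
    radius = radius_access_request(user, password, secret, bytes(range(16)))
    tacacs = tacacs_packet(tacacs_start_body(user, password), secret, 0x1234ABCD)
    return {"radius_user": user in radius, "radius_password": password in radius,
            "tacacs_user": user in tacacs, "tacacs_password": password in tacacs}

if __name__ == "__main__":
    print(compare())
```

Both mechanisms are MD5-derived XOR pads keyed by the shared secret, so the strength of that secret matters in either case.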
  4. christian koch wrote:
    > RADIUS uses UDP.
    > RADIUS encrypts only the password in the access-request packet; less
    > secure.
    > RADIUS combines authentication and authorization.
    > RADIUS does not support ARA access, Net BIOS Frame Protocol Control
    > protocol, NASI, and X.25 PAD connections.
    > RADIUS does not allow users to control which commands can be executed
    > on a router.
    >
    > TACACS+ offers multiprotocol support.
    > TACACS+ provides two ways to control the authorization of router
    > commands: on a per-user or per-group basis.
    > TACACS+ uses the AAA architecture, which separates authentication,
    > authorization, and accounting.
    > TACACS+ encrypts the entire body of the packet; more secure.
    > TACACS+ uses TCP.

    btw, IMO tacacs is a much wiser and securer implementation to use
    christian koch, Aug 11, 2006
    #4
  5. Trouble wrote:
    >Can someone tell me the pros and cons of both and which one they would
    >recommend and the reason.


    Are you a Cisco only shop and will be that way forever?
    Are you only authenticating Cisco - no other things like
    other vendor firewalls? Then a Cisco proprietary protocol
    like TACACS may be for you. I tend to think of authentication
    for all equipment so I'm standards oriented (RADIUS).

    alan
    Alan Strassberg, Aug 13, 2006
    #5
