tacacs and radius

Unanswered Question
Feb 7th, 2008

Hi all, I currently use a Cisco ACS server for remote access authentication and AAA router access. What is the TACACS used for? Is that the control authentication for my router access, and the RADIUS is used for dial-in access? Please help.


Hi,

TACACS and RADIUS are both tools which provide AAA (authentication, authorization and accounting) services. TACACS+ is Cisco's implementation of TACACS services. When you implement AAA/TACACS/RADIUS in your routers/switches, your login ID will get authenticated and authorized as per the configuration in ACS.

TACACS and RADIUS do the same thing but with different priorities. TACACS, being TCP based, takes care of the two-way handshake and is thus more secure, but at the same time time-consuming. RADIUS is UDP based and thus faster and less secure.

I hope I am able to help you out somewhat.

Let me know what exactly you are looking for.

--gaurav

carl_townshend Mon, 02/11/2008 - 03:53

I would like to know: when I create user access for my routers/switches on my Cisco ACS server, is this controlled by TACACS, RADIUS or AAA on the ACS?

royalblues Mon, 02/11/2008 - 04:08

Carl, it would depend on how you configure it.

When you add a device in the ACS, you have an option to choose either TACACS or RADIUS.

The network device should have the same authentication configuration, either TACACS or RADIUS.

The RADIUS/TACACS parameters are configured under AAA on the network device.

HTH

Narayan

Carl,

TACACS/RADIUS are AAA implementations. ACS is Cisco-implemented TACACS/RADIUS (as per your configuration in ACS). So when you say that my devices are getting authenticated through ACS, this means my devices are getting authenticated, authorized and accounted by TACACS/RADIUS, whose hardware implementation is ACS. I hope this is what you needed. Let us know if there is still any confusion.

--gaurav

muthumohan Wed, 02/13/2008 - 14:39

TACACS+ and RADIUS are two different protocols that accomplish the same. They are the protocols used for communication between the AAA client and the AAA server.

TACACS+ is Cisco proprietary, uses TCP and encrypts the complete message between the clients (routers, switches) and the server (ACS server). Therefore more secure.

RADIUS is industry standard, uses UDP and encrypts only the username/password portion of the message. Therefore less secure.

You can choose either one for your AAA implementation and Cisco ACS server supports both protocols.

For more info, see the below link:

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml

Hope that helps...

Thank you,

Mohan
