Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Comparison of usage of Tacacs+ and Radius for PIX.

I had a network setup with Pix 525 and CSACS version 3.0

I would like to find out which Access control protocol best suite to my design.

For Radius protocol.

I am using the "downloadable Acl " ( Acl configure in Radius server, will push down to Pix when user successfully authenticated) .

For Tacacs+ protocol,

I am suing the command shell ( Acl configured in Pix ).

There is an advice for PIX configuration that the overall command line enter in PIX shoud keep below certain value, may be 1000.

Base on the above explanation.

It looks like having a Radius protocol configured will caused less command line configured in the PIX.

Am I right to say Radius is better than Tacacs+ ?

Could some one give me some advice ?

Thanks.

3 REPLIES
Cisco Employee

Re: Comparison of usage of Tacacs+ and Radius for PIX.

Looking on what you want to do, I think RADIUS will be the better one for you.

New Member

Re: Comparison of usage of Tacacs+ and Radius for PIX.

If you are concerned about the ACL on the pix, then it is better to use radius to control the ACL stuff and iff-load it to the ACS server, but if you are looking at administration of the pix , tacacs+ is a better option as it has more administratibe features.

Silver

Re: Comparison of usage of Tacacs+ and Radius for PIX.

If you are looking for command authorization (while managing pix), then tacacs+ is the only option. But, radius is definitely a better choice for downloadbable ACL.

870
Views
0
Helpful
3
Replies
CreatePlease login to create content