Radius/TACACS question...

uubozou11 · ‎12-24-2007

My background is not in security, but more so in hardware design...but I have come across a question I am asking for help on...

I am cofiguring a device to put on our network. We have network logins and if the TACACS server is down, it auth's locally. Here are some of the config lines to give you a better picture

aaa authentication login default group tacacs+ line

aaa authentication enable default group tacacs+ enable

aaa authorization commands 15 default group tacacs+ local if-authenticated

aaa accounting commands 15 default start-stop group tacacs+

But, the device I am installing can only auth against a RADIUS server per the vendor. So basically they are saying that the device is incapable of auth'g against a TACACS server?

I hope my question made sense because some the terms I was initially unfamiliar with.

Thank you,

Richard Burts · ‎12-26-2007

Jimmy

The question seems pretty straightforward: if the vendor says that the device can only authenticate against a Radius server then it is not capable of authenticating against a TACACS server.

It may help to understand that TACACS and Radius are two different protocols that are commonly used to do authentication (and sometimes authorization and accounting) for network devices. Some devices (like Cisco) operate just fine with both protocols and some devices (apparently like the one you are working with) operate with only one.

HTH

Rick

HTH

Rick

srue · ‎12-29-2007

What is your tacacs server? Cisco ACS? It supports RADIUS also... Another Radius option is Micro$oft IAS which is free and installed through add/remove windows components on win2k or win2k3.