Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

is using identification and authentication locally on a router for administrators more secure or reliable than using tacacs or radius authentication?

we are trying to decide between local id and auth versus tacacs or radius for our administrators. is either one more reliable or secure? what are the pros and cons?

2 REPLIES
Anonymous
N/A

Re: is using identification and authentication locally on a rout

An external server is not really more

secure; the data can be encrypted

to the server. Local AAA may be

more reliable, depending on your

network to the external server and the

server itself (another failure point).

If you have multiple router's,

maintenance is likely easier with AAA -

one change and it applies everywhere.

In general, if your network (# of

devices, # of administrators, # of

users, etc) grows handling router

access via an external AAA server is

usually going to be better for the

long run.

Cisco Employee

Re: is using identification and authentication locally on a rout

In my opinion, using tacacs/radius server is more secure, scalable and more control/features than using local AAA. It is good idea to do have local AAA as fallback in the event your radius/tacacs is not available, etc.

HTH

R/Yusuf

92
Views
0
Helpful
2
Replies