On Cisco boxes, use TACACS+. TACACS+ has more support for interaction with
the token holder, such as "next tokencode mode"; although there are such
messages defined in the RADIUS protocol, most RADIUS client implementations
lack support for them.

And TACACS+ has extended benefits in user-level definition and command
logging that you'll probably like.

ACE/Server comes with an integrated RADIUS server. All 3 authentication
types (SecurID native, TACACS+, RADIUS) can work at the same time.

Rubens Kuhl Jr.

-----Original Message-----
From: sthaug@nethelp.no [mailto:sthaug@nethelp.no]
Sent: Thursday, 8 June 2000 19:27
To: cisco-nsp@puck.nether.net
Subject: [nsp] Cisco/Radius/SecurID: What software is needed?
We're thinking about using SecurID (hardware token) to control access
to various Cisco and Bay/Nortel routers. For Cisco alone we would
probably have gone with TACACS+, but with Bay routers also Radius seems
more attractive in order to have the same solution on both platforms.

I'd like to have some comments from the list on the following:

- What do you think of using Radius instead of TACACS+ for the Cisco
boxes?
- With SecurID we get a piece of software (SecurID ACE/Server) which
presumably communicates with Radius to control access. Assuming we have
the Radius server, do we need any other software (e.g. CiscoSecure ACS)?
- Any other hardware token based systems you would suggest instead of
SecurID?

Thanks!

Steinar Haug, Nethelp consulting, sthaug@nethelp.no
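
What a RADIUS client has to do to support a prompt such as "next tokencode mode", shown as an added example that is not part of the original thread or of any vendor's code: the server answers with an Access-Challenge (RFC 2865) carrying a Reply-Message to display and a State value to echo, and a client without challenge support ends the login as a rejection. The packet contents, prompt wording and function names are constructed for illustration, and the response authenticator is not verified.

```python
import struct

ACCESS_ACCEPT, ACCESS_CHALLENGE = 2, 11   # packet codes (RFC 2865)
REPLY_MESSAGE, STATE = 18, 24             # attribute types (RFC 2865)

def attr(atype, value):
    """Encode one attribute as type, length, value."""
    return bytes([atype, len(value) + 2]) + value

def parse_reply(packet):
    """Split a RADIUS reply into (code, identifier, [(type, value), ...])."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return code, ident, attrs

def next_step(packet, supports_challenge=True):
    """Return (action, prompt, state) for the login session."""
    code, _, attrs = parse_reply(packet)
    if code == ACCESS_ACCEPT:
        return ("accept", None, None)
    if code == ACCESS_CHALLENGE and supports_challenge:
        prompt = " ".join(v.decode("utf-8", "replace")
                          for t, v in attrs if t == REPLY_MESSAGE)
        state = next((v for t, v in attrs if t == STATE), None)
        # The follow-up Access-Request must carry this State value unchanged.
        return ("prompt", prompt, state)
    # Access-Reject, or a challenge the client cannot handle: the login fails.
    return ("reject", None, None)

def sample_challenge():
    """Constructed Access-Challenge; the zeroed authenticator is not verified."""
    body = attr(REPLY_MESSAGE, b"Wait for the tokencode to change, then enter it") \
         + attr(STATE, b"constructed-state-01")
    return struct.pack("!BBH", ACCESS_CHALLENGE, 7, 20 + len(body)) + bytes(16) + body
```
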