[c-nsp] Central Authentication (Tacacs+ / Radius)

Vandy Hamidi vandy.hamidi at markettools.com
Mon Apr 4 17:53:45 EDT 2005


Thanks Scott.  If memory serves, Cisco Secure Tacacs+ performed well at
both Auth level command limiting and Accounting of commands for Cisco,
but I'd like to use it for non Cisco equipment too.  I'll check and
report back.
Thanks again for the info,

	-=Vandy=-

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Network.Security
Sent: Monday, April 04, 2005 1:59 PM
To: cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] Central Authentication (Tacacs+ / Radius) 

One thing to keep in mind in the Accounting Dept. with the Cisco ACS is
that it doesn't do (or I could never make it do) Radius Command
Accounting. I've never delved deep enough to know if it's a limit of the
Radius protocol or Cisco's bias towards TACACS, so if that's a decision
point for you... be mindful.

I've seen a couple GNU / Freeware Tacacs+ servers out there, though
never tried them. There are more free Radius servers; it depends on what
you are looking for, if you are supporting non-Cisco gear, what your
price point is, etc.  Most enterprise co's don't like freeware; they
like to pay someone to support stuff, even if there is staff on hand to
do the support, but that is off topic...

- Scott
scott.altman at target.com


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Vandy Hamidi
Sent: Monday, April 04, 2005 3:33 PM
To: cisco-nsp at puck.nether.net
Cc: David Devanna
Subject: [c-nsp] Central Authentication (Tacacs+ / Radius) 

I'm looking to (finally) implement a central AAA server.
I'm not looking to integrate with AD/LDAP, just a local DB on a central
server.  Just a simple Authen, Author, and Accounting server for tiered
access and logging capabilities.

In the past I've used CiscoSecure Tacacs+ server and it worked quite
well.
I was planning on using it again, but wanted to see if the group could
recommend a newer (CS is from 2002 I believe) AAA server.

Please share your experiences and recommendations, I would appreciate
hearing what others use or don't use and why.

	-=Vandy=-



_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
