[c-nsp] Central Authentication (Tacacs+ / Radius)

Mohacsi Janos mohacsi at niif.hu
Tue Apr 5 03:33:27 EDT 2005





On Mon, 4 Apr 2005, Network.Security wrote:

> One thing to keep in mind in the Accounting Dept. with the Cisco ACS is
> that it doesn't do (or I could never make it do) Radius Command
> Accounting, I've never delved deep enough to know if it's a limit of the
> Radius protocol or Cisco's bias towards TACACS, so if that's a decision
> point for you... be mindful.
>
Cisco's bias towards TACACS is not true anymore. Cisco no longer seems to be
developing the TACACS protocol to support certain features like
IPv6, while RADIUS (the Cisco implementation also) is evolving constantly.
If you select RADIUS, you will use more standardised methods.

You can look at the TACACS - RADIUS comparison page at:
http://www.gazi.edu.tr/tacacs/docs/tac_rad_comp.html

but this comparison is rather old now (1999), and RADIUS extensions have
resolved most of the deficiencies listed there.

Regards,


Janos Mohacsi
Network Engineer, Research Associate
NIIF/HUNGARNET, HUNGARY
Key 00F9AF98: 8645 1312 D249 471B DBAE  21A2 9F52 0D1F 00F9 AF98


>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Vandy Hamidi
> Sent: Monday, April 04, 2005 3:33 PM
> To: cisco-nsp at puck.nether.net
> Cc: David Devanna
> Subject: [c-nsp] Central Authentication (Tacacs+ / Radius)
>
> I'm looking to (finally) implement a central AAA server.
> I'm not looking to integrate with AD/LDAP, just a local DB on a central
> server.  Just a simple Authen, Author, and Accounting server for tiered
> access and logging capabilities.
>
> In the past I've used CiscoSecure Tacacs+ server and it worked quite
> well.
> I was planning on using it again, but wanted to see if the group could
> recommend a newer (CS is from 2002 I believe) AAA server.
>
> Please share your experiences and recommendations, I would appreciate
> hearing what others use or don't use and why.
>
> 	-=Vandy=-
>
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

