[c-nsp] Cisco logging commands
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Tue Dec 8 01:53:45 EST 2009
>
> On 07/12/2009 19:32, Gert Doering wrote:
> > For router cli access (as opposed to "dial-in usage"), I can't see
any
> > reason to go for Radius, and lots of reasons to stick to TACACS.
>
> This is exactly what was going through my mind. One of my preferred
> reasons for sticking with tacacs+ is that to access more advanced aaa
> functionality using radius, you still need to use tacacs+ av pairs.
hmm, this doesn't sound right. If your specific AAA need is supported by
Radius (for example network authorization), any "Tacacs" av-pair should
be supported within the Radius reply (using Cisco-avpair attribute).
Do you have a specific example in mind?
oli
More information about the cisco-nsp
mailing list