[c-nsp] TACACS vs RADIUS
Chuck Church
chuckchurch at gmail.com
Mon Feb 27 16:56:36 EST 2012
I believe radius doesn't support AAA command authorization across the board.
Some docs seem to indicate that it may work, but might be hit or miss. If
you're using authorization, I'd stick with Tacacs.
Chuck
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jason 'XenoPhage'
Frisvold
Sent: Monday, February 27, 2012 3:50 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] TACACS vs RADIUS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi there,
I'm contemplating switching from TACACS to RADIUS for admin
authentication on switches and routers. In part this is so I can reduce the
number of services that have to be maintained, and part has to do with
integration with our existing authentication system.
Can someone comment on whether RADIUS is a viable replacement for
TACACS? Will I end up missing some major feature of TACACS? Will using
RADIUS end up reducing security?
Thanks,
- --
- ---------------------------
Jason 'XenoPhage' Frisvold
xenophage at godshell.com
- ---------------------------
"Any sufficiently advanced magic is indistinguishable from technology.\"
- - Niven's Inverse of Clarke's Third Law -----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk9L7G8ACgkQO80o6DJ8Uvlc7ACdGbhjITxx5PaCFSBDsO7PrR7P
O1QAoI8vC6OmNxNPYX/2+R838Zyz9qm/
=WJfR
-----END PGP SIGNATURE-----
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list