[c-nsp] TACACS vs RADIUS
Mack McBride
mack.mcbride at viawest.com
Mon Feb 27 17:02:09 EST 2012
If all you are doing is authentication then you shouldn't miss anything.
If you are using command authorization and logging then you will lose that functionality.
I am not sure if the enable level can be specified using radius authentication.
At least I haven't done it, so you may lose that.
LR Mack McBride
Network Architect
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jason 'XenoPhage' Frisvold
Sent: Monday, February 27, 2012 1:50 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] TACACS vs RADIUS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi there,
I'm contemplating switching from TACACS to RADIUS for admin authentication on switches and routers. In part this is so I can reduce the number of services that have to be maintained, and part has to do with integration with our existing authentication system.
Can someone comment on whether RADIUS is a viable replacement for TACACS? Will I end up missing some major feature of TACACS? Will using RADIUS end up reducing security?
Thanks,
- --
- ---------------------------
Jason 'XenoPhage' Frisvold
xenophage at godshell.com
- ---------------------------
"Any sufficiently advanced magic is indistinguishable from technology.\"
- - Niven's Inverse of Clarke's Third Law -----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk9L7G8ACgkQO80o6DJ8Uvlc7ACdGbhjITxx5PaCFSBDsO7PrR7P
O1QAoI8vC6OmNxNPYX/2+R838Zyz9qm/
=WJfR
-----END PGP SIGNATURE-----
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list