[c-nsp] TACACS vs RADIUS

Scott Voll svoll.voip at gmail.com
Mon Feb 27 17:20:44 EST 2012


Radius will allow the Enable prompt.

Authorization is the thing to be lost.

I just started my roll out of ISE and the ease of setting up is something
else you will lose with Radius.  TACACS is much easier to setup.  Just my
two cents.

Scott

On Mon, Feb 27, 2012 at 2:02 PM, Mack McBride <mack.mcbride at viawest.com>wrote:

> If all you are doing is authentication then you shouldn't miss anything.
> If you are using command authorization and logging then you will lose that
> functionality.
> I am not sure if the enable level can be specified using radius
> authentication.
> At least I haven't done it, so you may lose that.
>
> LR Mack McBride
> Network Architect
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:
> cisco-nsp-bounces at puck.nether.net] On Behalf Of Jason 'XenoPhage' Frisvold
> Sent: Monday, February 27, 2012 1:50 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] TACACS vs RADIUS
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi there,
>
>        I'm contemplating switching from TACACS to RADIUS for admin
> authentication on switches and routers.  In part this is so I can reduce
> the number of services that have to be maintained, and part has to do with
> integration with our existing authentication system.
>
>        Can someone comment on whether RADIUS is a viable replacement for
> TACACS?  Will I end up missing some major feature of TACACS?  Will using
> RADIUS end up reducing security?
>
> Thanks,
>
> - --
> - ---------------------------
> Jason 'XenoPhage' Frisvold
> xenophage at godshell.com
> - ---------------------------
>
> "Any sufficiently advanced magic is indistinguishable from technology.\"
> - - Niven's Inverse of Clarke's Third Law -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.18 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk9L7G8ACgkQO80o6DJ8Uvlc7ACdGbhjITxx5PaCFSBDsO7PrR7P
> O1QAoI8vC6OmNxNPYX/2+R838Zyz9qm/
> =WJfR
> -----END PGP SIGNATURE-----
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


More information about the cisco-nsp mailing list