[c-nsp] TACACS vs RADIUS

Javier Henderson javier at cisco.com
Mon Feb 27 18:44:28 EST 2012


On Feb 27, 2012, at 5:54 PM, Phil Bedard wrote:

> On Cisco you will lose command authorization, if that is something you are using today.  Other vendors like J and A allow you to define local templates and pass a VSA to the router specifying the users' template as opposed to having to authorize every sine command on the server. 

You also lose command accounting.

Another aspect to consider in the TACACS+ vs. RADIUS comparison is that with RADIUS only the password is encrypted, while with TACACS+ the whole payload is encrypted.

Javier Henderson
javier at cisco.com




More information about the cisco-nsp mailing list