Radius or Tacacs?

boxerboy1168 Member Posts: 395
Just curious what's being used most commonly in production, RADIUS or TACACS?

Studying for CCNA, thanks!!
Currently enrolling into WGU's IT - Security Program. Working on LPIC (1,2,3) and CCNA (and S) as long term goals and preparing for the Security+ and A+ as short term goals.

Comments

  • PCTechLinc Member Posts: 646
    Most common:

    Use TACACS+ to control what administrators can do on a device. Use RADIUS to authenticate users and devices onto the network.

    TACACS+ encrypts all communications using TCP port 49.

    RADIUS only encrypts the password and uses UDP ports 1812 for Authentication and 1813 for Accounting. Some implementations of RADIUS use ports 1645 for Authentication and 1646 for Accounting.
    Master of Business Administration in Information Technology Management - Western Governors University
    Master of Science in Information Security and Assurance - Western Governors University
    Bachelor of Science in Network Administration - Western Governors University
    Associate of Applied Science x4 - Heald College
  • boxerboy1168 Member Posts: 395
    Ok, thanks!!

    Is that to prevent congestion on the network / save the CPUs on the routers?
  • boxerboy1168 Member Posts: 395
    Oh, is it for the command-by-command authorization?
  • clarson Member Posts: 903
    It is for central administration of user access, authorization, and accounting.
  • clarson Member Posts: 903
    TACACS+ uses TCP port 49
    Is Cisco proprietary
    Encrypts the entire payload
    Separates each AAA function
    Geared toward device administration
    Can authorize individual commands
    Supports message passing; additional challenges besides login/password can be presented
    Notifications can be displayed, such as custom banners for different types of events

    RADIUS uses UDP ports 1812 and 1813 (accounting)
    Encrypts only the password field
    Combines authentication and authorization
    Geared toward network access
    Authorization is all or nothing
  • willieb Member Posts: 108
    For managing Cisco products only, you will probably see TACACS+ more. But there are many non-Cisco and legacy devices that only support RADIUS for user management, so in a mixed environment sometimes you don't have a choice, or you use both.

    Also service providers will use RADIUS to authenticate DSL and what's left of dial-up users.
    [X] CCENT ICND1 100-105
    [X] CCNA ICND2 200-105
    [X] CCNP ROUTE 300-101
    [X] CCNP SWITCH 300-115
    [X] CCNP TSHOOT 300-135
    [ ] CCDP ARCH 300-320