Radius or Tacacs?
boxerboy1168
Member Posts: 395
in CCNA & CCENT
Just curious what's being used most commonly in production, RADIUS or TACACS?
Studying for CCNA, thanks!!
Currently enrolling into WGU's IT - Security Program. Working on LPIC (1,2,3) and CCNA (and S) as long term goals and preparing for the Security+ and A+ as short term goals.
Comments
-
PCTechLinc Member Posts: 646
Most common:
Use TACACS+ to control what administrators can do on a device. Use RADIUS to authenticate users and devices onto the network.
TACACS+ encrypts all communications using TCP port 49.
RADIUS only encrypts the password and uses UDP ports 1812 for Authentication and 1813 for Accounting. Some implementations of RADIUS use ports 1645 for Authentication and 1646 for Accounting.
Master of Business Administration in Information Technology Management - Western Governors University
Master of Science in Information Security and Assurance - Western Governors University
Bachelor of Science in Network Administration - Western Governors University
Associate of Applied Science x4 - Heald College
-
boxerboy1168 Member Posts: 395
Ok, thanks!!
Is that to prevent congestion on the network/save the CPUs on the routers?
-
boxerboy1168 Member Posts: 395
Oh, is it for the command-by-command authorization?
-
clarson Member Posts: 903
It is for central administration of user access, authorization, and accounting.
-
clarson Member Posts: 903
TACACS+ uses TCP port 49
Is Cisco proprietary
Encrypts the entire payload
Separates each AAA function
Geared toward device administration
Can authorize individual commands
Supports message passing, additional challenges besides login/password can be presented
Notifications can be displayed such as custom banners for different types of events
RADIUS uses UDP ports 1812 and 1813 (accounting)
Encrypts only the password field
Combines authentication and authorization
Geared toward network access
Authorization is all or nothing
-
willieb Member Posts: 108
For managing Cisco products only, you will prob see TACACS+ more. But there are many non-Cisco and legacy devices that only support RADIUS for user management, so in a mixed environment sometimes you don't have a choice, or you use both.
Also service providers will use RADIUS to authenticate DSL and what's left of dial-up users.
[X] CCENT ICND1 100-105
[X] CCNA ICND2 200-105
[X] CCNP ROUTE 300-101
[X] CCNP SWITCH 300-115
[X] CCNP TSHOOT 300-135
[ ] CCDP ARCH 300-320