Radius or Tacacs?
boxerboy1168
Just curious what's being used most commonly in production, RADIUS or TACACS?
Studying for CCNA, thanks!!
Comments
PCTechLinc
Most common:
Use TACACS+ to control what administrators can do on a device. Use RADIUS to authenticate users and devices onto the network.
TACACS+ encrypts all communications using TCP port 49.
RADIUS only encrypts the password and uses UDP ports 1812 for Authentication and 1813 for Accounting. Some implementations of RADIUS use ports 1645 for Authentication and 1646 for Accounting.
boxerboy1168
Ok, thanks!!
Is that to prevent congestion on the network / save the CPUs on the routers?
boxerboy1168
Oh, is it for the command-by-command authorization?
clarson
It is for central administration of user access, authorization, and accounting.
clarson
TACACS+ uses TCP port 49
Is Cisco proprietary
Encrypts the entire payload
Separates each AAA function
Geared toward device administration
Can authorize individual commands
Supports message passing; additional challenges besides login/password can be presented
Notifications can be displayed, such as custom banners for different types of events
RADIUS uses UDP ports 1812 and 1813 (accounting)
Encrypts only the password field
Combines authentication and authorization
Geared toward network access
Authorization is all or nothing
willieb
For managing Cisco products only, you will probably see TACACS+ more. But there are many non-Cisco and legacy devices that only support RADIUS for user management, so in a mixed environment sometimes you don't have a choice, or you use both.
Also, service providers will use RADIUS to authenticate DSL and what's left of dial-up users.