Correct my undestanding of these okay?

itdaddyitdaddy Member Posts: 2,089 ■■■■□□□□□□
okay:

Radius and Tacacs+ are used as authentication servers with a Cisco ACS server?

Radius is only authentication and if you were to configure it with your cisco devices everyone would have enable mode? or do you set the priv mode when you set up the radius server? I didn't see this in the configs?

Tacacs+ by iself can do authentication and authorization separate and is fully encrypted while Radius password is the only thing encrypted.

Radius can only authenticate and not authorize any commands by itself.
But when tied to a ACS server of course authorization can happen.

NAC setup is when you configure a NAC server say off of a router that usually is config to TACACS+ or radius server for the database of names to access the network. I think maybe you could even config a ACS server along with this??? to work with the NAC server? or do you just need authentication? for the additional network security only?

radius old school use to use ports UDP 1645 and 1646
radius new school uses ports UDP 1812 and 1813
Tacacs+ uses TCP 49


okay guys rip me up. where am I way off. I just need you guys to set me straight..if I am off please let me know in detail where I am screwy..thanks mates!icon_thumright.gificon_study.gif

Comments

  • instant000instant000 Member Posts: 1,745
    itdaddy wrote: »
    okay:

    Radius and Tacacs+ are used as authentication servers with a Cisco ACS server?

    authentication protocols

    Radius is only authentication and if you were to configure it with your cisco devices everyone would have enable mode? or do you set the priv mode when you set up the radius server? I didn't see this in the configs?

    no, radius is authentication and authorization all in one
    Tacacs+ by iself can do authentication and authorization separate and is fully encrypted while Radius password is the only thing encrypted.

    OK
    Radius can only authenticate and not authorize any commands by itself.
    But when tied to a ACS server of course authorization can happen.

    incorrect, radius can't separate authentication from authorization, it's an important difference
    NAC setup is when you configure a NAC server say off of a router that usually is config to TACACS+ or radius server for the database of names to access the network. I think maybe you could even config a ACS server along with this??? to work with the NAC server? or do you just need authentication? for the additional network security only?

    NAC is a way to authenticate users/devices before even allowing them full access to your network, and is often used to quarantine them so they can only receive appropriate AV/patches before being allowed to fully communicate.
    radius old school use to use ports UDP 1645 and 1646
    radius new school uses ports UDP 1812 and 1813
    Tacacs+ uses TCP 49

    For ports, i'll confess that I usually memorize them before tests, but this looks about right. (ports also come in handy when filtering extremely long ACLs, so I guess it has some uses)
    okay guys rip me up. where am I way off. I just need you guys to set me straight..if I am off please let me know in detail where I am screwy..thanks mates!icon_thumright.gificon_study.gif

    I attempted to assist where I could, but I'm only CCNA:Security, someone more knowledgeable would be able to say much more, mayhaps.
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)
  • itdaddyitdaddy Member Posts: 2,089 ■■■■□□□□□□
    thanks man looks good. I do understand Radius roles both authorization and authention to one level (full level) there is no way with Radius by itself to granularize the authorization of commands. right?
  • instant000instant000 Member Posts: 1,745
    itdaddy wrote: »
    thanks man looks good. I do understand Radius roles both authorization and authention to one level (full level) there is no way with Radius by itself to granularize the authorization of commands. right?

    yes.

    I want to ask: what text are you using?
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)
  • itdaddyitdaddy Member Posts: 2,089 ■■■■□□□□□□
    CBT nuggets and bryant advantage and cisco lab book
    is this any good? it will have to be I take my exam haha tomorrow
    915am CST -6 gonna do my best
  • mattlee09mattlee09 Member Posts: 205
    itdaddy wrote: »
    CBT nuggets and bryant advantage and cisco lab book
    is this any good? it will have to be I take my exam haha tomorrow
    915am CST -6 gonna do my best
    That's the spirit, you got this man icon_thumright.gif

    Best of luck.


    *Although if your up cramming still...it might help put you at ease to check back over the exam objectives to let yourself know everything looks familiar. Has always helped me sleep the night before.
  • itdaddyitdaddy Member Posts: 2,089 ■■■■□□□□□□
    thanks guys for all your help. but I promise I will never ever cram for a test like this again. can you say 3 more years ! oh yeah..

    I am going to take a little break and then hit CCNP..but I extended my CCNA and got CCNA-S time for a nap! been up since 3am reviewing.

    I know I know why so early ? my exam is at 915 and had to drive 2 hours to testing facility and then take exam. I like to make sure my stuff is fresh in my mind. I am not a morning person. I am the kind of guy (geek oh yeah) who stays up to 3am working on things and then sleeps till noon on saturday oh yeah no morning person here....

    a pass is a pass time for much need break and then CCNP icon_cheers.gif
Sign In or Register to comment.