Can someone tell me the pros and cons of both and which one they would recommend an the reason.
Thanks,
Can someone tell me the pros and cons of both and which one they would recommend an the reason.
Thanks,
You may wish to investigate -
An Analysis of the TACACS+ Protocol and its Implementations:
An Analysis of the RADIUS Authentication Protocol:
Brad Reese BradReese.Com - Cisco CraigsList Job Openings
RADIUS uses UDP. RADIUS encrypts only the password in the access-request packet; less secure. RADIUS combines authentication and authorization. RADIUS does not support ARA access, Net BIOS Frame Protocol Control protocol, NASI, and X.25 PAD connections. RADIUS does not allow users to control which commands can be executed on a router.
TACACS+ offers multiprotocol support. TACACS+ provides two ways to control the authorization of router commands: on a per-user or per-group basis. TACACS+ uses the AAA architecture, which separates authentication, authorization, and accounting. TACACS+ encrypts the entire body of the packet; more secure. TACACS+ uses TCP.
btw, IMO tacacs is a much wiser and securer implementation to use
Are you a Cisco only shop and will be that way forever? Are you only authenticating Cisco - no other things like other vendor firewalls? Then a Cisco proprietary protocol like TACACS may be for you. I tend to think of authentication for all equipment so I'm standards oriented (RADIUS).
alan
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.