TACACS or RADIUS-Help Please

Can someone tell me the pros and cons of both, and which one they would recommend and the reason?

Thanks,

Reply to
Trouble

You may wish to investigate -

An Analysis of the TACACS+ Protocol and its Implementations:

as well as

An Analysis of the RADIUS Authentication Protocol:

Hope this helps.

Brad Reese

Reply to
www.BradReese.Com

RADIUS uses UDP. RADIUS encrypts only the password in the access-request packet; less secure. RADIUS combines authentication and authorization. RADIUS does not support ARA access, NetBIOS Frame Protocol Control protocol, NASI, and X.25 PAD connections. RADIUS does not allow users to control which commands can be executed on a router.

TACACS+ offers multiprotocol support. TACACS+ provides two ways to control the authorization of router commands: on a per-user or per-group basis. TACACS+ uses the AAA architecture, which separates authentication, authorization, and accounting. TACACS+ encrypts the entire body of the packet; more secure. TACACS+ uses TCP.

Reply to
christian koch

Btw, IMO TACACS is a much wiser and more secure implementation to use.

Reply to
christian koch

Are you a Cisco-only shop and will be that way forever? Are you only authenticating Cisco - no other things like other vendor firewalls? Then a Cisco proprietary protocol like TACACS may be for you. I tend to think of authentication for all equipment, so I'm standards oriented (RADIUS).

alan

Reply to
Alan Strassberg
