https://community.cisco.com/t5/network-access-control/acs-802-1x-tacacs-and-radius/m-p/788616#M409239 <P>Hi </P><P>I think i have a simple question: I wan't do activate 802.1x on our siwtches(about 800 devices: 6500,3500,3600,4500,...). We use for telnet Tacacs for authentication,authorization and accounting. For 802.1x i need to configure raidius on the switches. So my question is: Can i run Radius and Tacacs </P><P>for the same device or do i have to cahnge the telnet-authenticatoin/authorization to Radius. In the NetworkDeviceGroup configuration on ACS4.1 i can only define Tacacs or Radius for the authentication type for one device.</P> Sun, 10 Mar 2019 22:20:06 GMT dbelno 2019-03-10T22:20:06Z https://community.cisco.com/t5/network-access-control/acs-802-1x-tacacs-and-radius/m-p/788616#M409239 <P>Hi </P><P>I think i have a simple question: I wan't do activate 802.1x on our siwtches(about 800 devices: 6500,3500,3600,4500,...). We use for telnet Tacacs for authentication,authorization and accounting. For 802.1x i need to configure raidius on the switches. So my question is: Can i run Radius and Tacacs </P><P>for the same device or do i have to cahnge the telnet-authenticatoin/authorization to Radius. In the NetworkDeviceGroup configuration on ACS4.1 i can only define Tacacs or Radius for the authentication type for one device.</P> Sun, 10 Mar 2019 22:20:06 GMT https://community.cisco.com/t5/network-access-control/acs-802-1x-tacacs-and-radius/m-p/788616#M409239 dbelno 2019-03-10T22:20:06Z https://community.cisco.com/t5/network-access-control/acs-802-1x-tacacs-and-radius/m-p/788617#M409240 <HTML><HEAD></HEAD><BODY><P>Yes you can run RADIUS and TACACS+ in parallel.</P><P></P><P>In the ACS network config db you need to enter each device twice - once for each protocol.</P></BODY></HTML> Thu, 16 Aug 2007 08:33:11 GMT https://community.cisco.com/t5/network-access-control/acs-802-1x-tacacs-and-radius/m-p/788617#M409240 darpotter 2007-08-16T08:33:11Z https://community.cisco.com/t5/network-access-control/acs-802-1x-tacacs-and-radius/m-p/788618#M409241 <HTML><HEAD></HEAD><BODY><P>TACACS+ is better recomended, due to better accounting, authorization and the ENCRYPTION it uses for communication, where as RADIUS is plain/clear text algorithm.</P><P></P><P>Since you are using TELNET which is total clear text, then using TACACS provides you some security through its encyption., I would prefer TACACS over RADIUS Since you have all Cisco based network.</P><P></P></BODY></HTML> Thu, 16 Aug 2007 16:29:43 GMT https://community.cisco.com/t5/network-access-control/acs-802-1x-tacacs-and-radius/m-p/788618#M409241 fawadnoorkhan 2007-08-16T16:29:43Z https://community.cisco.com/t5/network-access-control/acs-802-1x-tacacs-and-radius/m-p/788619#M409242 <HTML><HEAD></HEAD><BODY><P>Hallo </P><P>I know, this is the reason why i am useing tacacs. But can i use Tacacs in combination with 802.1x and/or NAC??</P></BODY></HTML> Fri, 17 Aug 2007 05:31:30 GMT https://community.cisco.com/t5/network-access-control/acs-802-1x-tacacs-and-radius/m-p/788619#M409242 dbelno 2007-08-17T05:31:30Z https://community.cisco.com/t5/network-access-control/acs-802-1x-tacacs-and-radius/m-p/788620#M409243 <HTML><HEAD></HEAD><BODY><P>No you cant use TACACS+ for NAC and 802.1x.</P><P></P><P>...and NAC over RADIUS *IS* encrypted. The entire exchange occurs inside a tunnel which just happens to be carried over RADIUS.</P><P></P><P>EAP-FAST/EAP-PEAP both use encrypted tunnels for their protocols.</P><P></P><P>T+ is still king for device admin or any network service that uses/needs good/flexible authorisation. For everything else there's RADIUS.</P></BODY></HTML> Fri, 17 Aug 2007 12:45:59 GMT https://community.cisco.com/t5/network-access-control/acs-802-1x-tacacs-and-radius/m-p/788620#M409243 darpotter 2007-08-17T12:45:59Z