is using identification and authentication locally on a router for administrators more secure or rel...

admin_2 · ‎06-27-2002

we are trying to decide between local id and auth versus tacacs or radius for our administrators. is either one more reliable or secure? what are the pros and cons?

Report Inappropriate Content · ‎06-27-2002

An external server is not really more

secure; the data can be encrypted

to the server. Local AAA may be

more reliable, depending on your

network to the external server and the

server itself (another failure point).

If you have multiple router's,

maintenance is likely easier with AAA -

one change and it applies everywhere.

In general, if your network (# of

devices, # of administrators, # of

users, etc) grows handling router

access via an external AAA server is

usually going to be better for the

long run.

yusuff · ‎06-27-2002

In my opinion, using tacacs/radius server is more secure, scalable and more control/features than using local AAA. It is good idea to do have local AAA as fallback in the event your radius/tacacs is not available, etc.

HTH

R/Yusuf

is using identification and authentication locally on a router for administrators more secure or reliable than using tacacs or radius authentication?