Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
945
Views
0
Helpful
6
Replies

TACACS+ to authenticate and authorize end Users in a network

orimbatomeizi
Level 1
Level 1

‎01-20-2022 09:08 AM

Hello

I just want to ask if there are any alternatives to 802.1x or web based authentication and authorization with TACACS+ only.

I can not use RADIUS although i have to authenticate end users with TACACS+ to allow them to use the network services like internet, mail, etc... As far i see TACACS+ is for device admnistration only but i was told that it can authenticate end users two instead of radius.

 

Thank you

Labels:
0 Helpful
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎01-20-2022 09:13 AM

If you like user to authenticate get to internet and allow to access internal resources.

 

as per i know you have only option 802.1x  deployment. (this can be done using Wired and Wireless)

 

https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/Dot1X_Deployment/Dot1x_Dep_Guide.html

 

not sure how is your network what network devices you have in place to explore any other option, most time AAA is the only method.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

orimbatomeizi
Level 1
Level 1
In response to balaji.bandi

‎01-20-2022 09:18 AM

Thank you for your answer... It is for research purposes for my network class project. I'm stuck with Tacacs+

 

 

 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to orimbatomeizi

‎01-20-2022 09:51 AM

some compare will help you here  for your research :

 

https://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/13838-10.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

orimbatomeizi
Level 1
Level 1
In response to balaji.bandi

‎01-20-2022 09:55 AM

Thank you

0 Helpful

Flavio Miranda
VIP
VIP

‎01-20-2022 09:20 AM - edited ‎01-20-2022 09:21 AM

Hi

 They are basically the same.  The idea is the same, validate users against some user database and permit access or deny access. 

 

TACACS+                                                                                     RADIUS
Cisco proprietary protocol                                                            open standard protocol
It uses TCP as a transmission protocol                                          It uses UDP as a transmission protocol
It uses TCP port number 49.                                                        It uses UDP port number 1812 for authentication and authorization and 1813 for accounting.
Authentication, Authorization, and Accounting are separated        in TACACS+. Authentication and Authorization are combined in RADIUS.
All the AAA packets are encrypted. Only the password is encrypted while the

0 Helpful

orimbatomeizi
Level 1
Level 1
In response to Flavio Miranda

‎01-20-2022 09:54 AM

Thanks...

But tacacs+ is not 802.1x capable or web based authentication, based on what i see

0 Helpful
Customers Also Viewed These Support Documents