Introduction

This document gives an insight about tacacs+ and Radius.

What is Tacacs?

Terminal Access Controller Access-Control System (TACACS) is a remote authentication protocol that is used to communicate with an authentication server. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access to the network.

What is Radius?

Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service. RADIUS allows a company to maintain user profiles in a central database that all remote servers can share. It provides better security, allowing a company to set up a policy that can be applied at a single administered network point.

Solution

For the Network Access Server (NAS) to communicate with Cisco Secure ACS for Windows, these two ports must be enabled:

• TCP port 49 for TACACS+

• UDP ports 1645/1646 and 1812/1813 for RADIUS (default ports)

For more information, refer to the TACACS+ and RADIUS Protocol Comparison table in the Overview section of the User Guide for Cisco Secure ACS Solution Engine Version 3.3.

Cisco Secure Access Control Server (ACS)

Cisco Secure ACS for Windows

Cisco Secure ACS Solution Engine