cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to the Cisco Small Business Community

Have a question? Click on a topic board below to get started in the community.

734
Views
0
Helpful
1
Replies
sveinskogen
Beginner

SA500 - Radius. Any plans for TACACS+ ?

I see that the SA500 has support for Radius for AAA. I'm in the process of replanning my network (phasing out about 12 VM installations for 12 new VMs over the next half year), and in that process I will move from NIS+ to either Radius or TACACS+ for the users here. I would prefer TACACS+ (for its less lacking security), but only if the SA540 could use it (perhaps in one of the upcoming releases), but will settle for Radius if that is the "only common" alternative. AD is irrelevant, since the VPN dialin wil be reserved for the two users sometimes needing access to administrative tools (like the vSphere Client), not for accessing other resources, and some of my external-only users (having access to the smtpd, imap, and the webserver) similarly don't need access to the AD domain, etc.

I know (from experience with tacplus some ten years back) that tacplus is relatively painless to set up on FreeBSD (from ports), but I've not yet done the same with radius for any "serious deployment" (however I know that the pam plugins for radius works in the same manner as the tacplus one, so setting FreeBSD to utilize radius should be relatively painless)

So, the question is: Will the SA500 support TACACS+, or will radius be the only realistic choice?

//Svein

1 REPLY 1
rshao
Beginner

Hi,

Current there is no plan to support TACACS+ on SA500.

Based on what you describe, Radius sounds the option.

ps: If the TACACS is a must, you may want to consider other Cisco product, such as ASA5505.

Regards,

Richard