02-07-2008 02:04 AM - edited 03-05-2019 09:00 PM
Hi all, I currently use a Cisco ACS server for remote access authentication and AAA router access. What is TACACS used for? Is that the control authentication for my router access, and is RADIUS used for dial-in access? Please help.
02-07-2008 04:28 AM
Hi,
TACACS and RADIUS are both tools which provide AAA (authentication, authorization and accounting) services. TACACS+ is Cisco's implementation of TACACS services. When you implement AAA/TACACS/RADIUS in your routers/switches, your login ID will get authenticated and authorized as per the configuration in ACS.
TACACS and RADIUS do the same thing but with different priorities. TACACS, being TCP based, takes care of the two-way handshake and is thus more secure, but at the same time time-consuming. RADIUS is UDP based and thus faster and less secure.
I hope I am able to help you out somewhat.
Let me know what exactly you are looking for.
--gaurav
02-11-2008 03:53 AM
I would like to know: when I create user access for my routers/switches on my Cisco ACS server, is this controlled by TACACS, RADIUS or AAA on the ACS?
02-11-2008 04:08 AM
Carl, it would depend on how you configure it.
When you add a device in the ACS, you have an option to choose either TACACS or RADIUS.
The network device should have the same authentication configuration, either TACACS or RADIUS.
The RADIUS/TACACS parameters are configured under aaa on the network device.
HTH
Narayan
02-11-2008 05:16 AM
Carl,
TACACS/RADIUS are AAA implementations. ACS is the Cisco-implemented TACACS/RADIUS (as per your configuration in ACS). So when you say that my devices are getting authenticated through ACS, this means my devices are getting authenticated, authorized and accounted by TACACS/RADIUS, whose hardware implementation is ACS. I hope this is what you needed. Let us know if there is still any confusion.
--gaurav
02-13-2008 02:39 PM
TACACS+ and RADIUS are two different protocols that accomplish the same thing. They are the protocols used for communication between the AAA client and the AAA server.
TACACS+ is Cisco proprietary, uses TCP and encrypts the complete message between the clients (routers, switches) and the server (ACS server). Therefore more secure.
RADIUS is industry standard, uses UDP and encrypts only the username/password portion of the message. Therefore less secure.
You can choose either one for your AAA implementation and Cisco ACS server supports both protocols.
For more info, see the link below:
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml
Hope that helps...
Thank you,
Mohan
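The difference in what each protocol covers on the wire, as an added example that is not part of any post in this thread: it implements the User-Password hiding from RFC 2865 and the body obfuscation from RFC 8907, and shows that the RADIUS User-Name attribute stays readable while the TACACS+ body does not. The secret, authenticator, session ID, credentials and the simplified TACACS+ body layout are constructed sample values.

```python
import hashlib
import struct

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: only the User-Password attribute value is hidden."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def radius_unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

def radius_attr(attr_type: int, value: bytes) -> bytes:
    """Type-Length-Value attribute; length counts the 2 header bytes."""
    return bytes([attr_type, len(value) + 2]) + value

def tacacs_obfuscate(body: bytes, key: bytes, session_id: int, version: int, seq_no: int) -> bytes:
    """RFC 8907 section 4.5: the whole packet body is XORed with an MD5 pad.
    Applying the function twice restores the body."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, last = b"", b""
    while len(pad) < len(body):
        last = hashlib.md5(seed + last).digest()
        pad += last
    return _xor(body, pad[:len(body)])

# Constructed sample values (not from the thread).
SECRET = b"example-shared-secret"
AUTHENTICATOR = bytes(range(16))
USER, PASSWORD = b"carl", b"example-password-longer-than-16"

def radius_attributes() -> bytes:
    """User-Name (type 1) goes in clear, User-Password (type 2) is hidden."""
    hidden = radius_hide_password(PASSWORD, SECRET, AUTHENTICATOR)
    return radius_attr(1, USER) + radius_attr(2, hidden)

def tacacs_body_on_wire() -> bytes:
    """Simplified body (not the real authentication START layout)."""
    return tacacs_obfuscate(USER + b"\x00" + PASSWORD, SECRET, 0x1234ABCD, 0xC0, 1)
```

Both mechanisms are MD5-derived XOR pads keyed by the shared secret, so the practical difference shown here is coverage of the message, not the strength of the primitive.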