For a network security project, I am to find an alternative for 802.1x (which can only be used with Radius server) in order to use it with Tacacs+ server and authentify users when they want to access the nework.
So the typical 8021x fallback authentication method is MAB (mac authentication bypass) in most wired authentication environments that I have come across. Basically you authenticate devices via their MAC address. However, this is used with radius. In my experience you would use Tacacs+ to authenticate/authorize users to network devices via username/pass OR common access card. Keep in mind radius is less chatty than tacacs+ since it uses udp and not tcp. This may be something you want to consider based on the size of your environment. What I mean by this is if you have hosts re-authenticating every so often I would suggest to use radius.
Thank you for your answer, but the problem is, I am not allowed to use Radius, tacacs+ was imposed as server, so I need to find an authentication solution using only Tacacs+ server
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
