RADIUS
Remote Access Dial-In User Service
Only encrypts the password
Uses UDP
Combines authentication and authorization
Doesn’t allow control of which commands can be executed on a router
TACACS+
Terminal Access Control Access Control Server
Cisco proprietary; used between a Cisco device and an ACS server
Encrypts the whole packet (not just the password) before it is sent to the network
Uses TCP
Two methods to control router commands:
- Assign privilege levels on the router and have TACACS+ verify that the user is authorized for that privilege level
- Explicitly specify in TACACS+ the commands that are allowed per user or per group
AAA rules for Telnet, FTP, HTTP, HTTPS