Dear, my chief ask me to choose between Tacacs+ and Radius for switches and Linux SSH user authentication. I see radius is universally supported for every device and OS, but I can't tell soo much about Tacacs+ because I don'y know very well. Can you give me your opinion about the best choice between radius and tacacs+??? Special thanks. Roberto
Roberto Carna wrote: Sent: Monday, May 20, 2013 3:43 PM To: FreeRadius users mailing list Subject: Radius vs Tacacs+
Dear, my chief ask me to choose between Tacacs+ and Radius for switches and Linux SSH user authentication.
This depends primarily on your cryptographic needs, and secondarily on your needs for a consolidated AAA environment. While there are options to provide stronger cryptography for RADIUS, those options are not generally implemented by vendors in switch RADIUS clients. If you are passing your AAA sessions over networks which may leak data, the basic RADIUS secret may not offer the level of protection you need. However, if you feel secure that your control plane is protected, you may want to consider RADIUS as it has better cross-vendor compatibility and also because it can integrate multiple AAA scenarios quite easily, centralizing your AAA services in one place without as much time invested for integration between systems.
Roberto Carna wrote:
Dear, my chief ask me to choose between Tacacs+ and Radius for switches and Linux SSH user authentication.
Linux authentication doesn't really use TACACS+ or RADIUS.
I see radius is universally supported for every device and OS, but I can't tell soo much about Tacacs+ because I don'y know very well.
TACACS+ is Cisco only.
Can you give me your opinion about the best choice between radius and tacacs+???
If you want an industry standard protocol used by every switch vendor, use RADIUS. If you want Cisco, use TACACS+. Alan DeKok.
participants (3)
-
Alan DeKok -
Brian Julin -
Roberto Carna