Friday, November 11, 2011

What is the difference between TACACS and RADIUS?

TACACS+ uses the Transmission Control Protocol (TCP) and RADIUS uses the User Datagram Protocol (UDP). Some administrators recommend using TACACS+ because TCP is seen as a more reliable protocol. Whereas RADIUS combines authentication and authorization in a user profile, TACACS+ separates the two operations.

| RADIUS | TACACS+ |
| --- | --- |
| Combines authentication & authorization. | Separates all 3 elements of AAA, making it more flexible. |
| Encrypts only the password. | Encrypts the username and password. |
| Requires each network device to contain authorization configuration. | Central management for authorization configuration. |
| No command logging. | Full command logging. |
| Minimal vendor support for authorization. | Supported by most major vendors. |
| UDP - connectionless. UDP ports 1645/1646, 1812/1813. | TCP - connection oriented. TCP port 49. |
| Designed for subscriber AAA. | Designed for administrator AAA. |

Many vendors support the TACACS+ protocol, including Adtran, Alcatel/Lucent, Aruba,
Brocade/Foundry, Cisco/Linksys, Ericsson/Redback, Extreme, Fortinet, Fujitsu, HP/3Com,
Huawei, Juniper/Netscreen, Netgear, Nortel, and others.

