Security Basics mailing list archives

Re: TACACS+ vs. RADIUS


From: "Nikhil Wagholikar" <visitnikhil () gmail com>
Date: Sat, 2 Jun 2007 11:21:38 +0530

Hello Rlafosse,

Here is a short description of the differences between RADIUS & TACACS
implementations:

1. Make:

RADIUS is an industry standard developed by Livingston.
TACACS is Cisco proprietary.

2. Command Execution rights:

RADIUS has no provision for specifying which commands users
can run on the router.
TACACS has two provisions for the commands that users
can run on the router:
a. Based on users
b. Based on groups

3. Protocol Support:

RADIUS doesn't offer support for traditional protocols like ARA, X.25 PAD & NASI.
TACACS provides support to multiple protocols.

4. AAA Segregation:

RADIUS combines Authentication & Authorization.
TACACS clearly segregates/separates Authentication, Authorization & Accounting.

5. Protocol Utilization:

RADIUS works on UDP whereas TACACS works on TCP.

6. Encryption level:

RADIUS only encrypts the password in the requested packet connection.
TACACS encrypts the whole body of requested packet connection.

So now we can clearly analyze the difference & understand that a TACACS
implementation is much more secure as compared to a RADIUS implementation.

Happy AAA implementation.

----------
Nikhil Wagholikar
Security Analyst

NII Consulting
Web: www.niiconsulting.com


On 6/2/07, Lafosse, Ricardo <rlafosse () sfwmd gov> wrote:
Hello all,
I am considering implementing either RADIUS or TACACS+. Any insight or
experiences would be helpful. Also, where would be the most beneficial
location to place it on my infrastructure (DMZ)?

Cheers,
Ricardo
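
Added example, not part of the original messages: a sketch of point 6 above, hiding only the User-Password attribute the way RFC 2865 section 5.2 describes and obfuscating a whole TACACS+ body the way RFC 8907 section 4.5 describes, so the two wire forms can be compared. The shared secret, user name, password, port name and session values are constructed sample data.

```python
import hashlib
import struct

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: only the User-Password value is hidden."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev  # each hidden block keys the MD5 for the next one
    return out

def radius_access_request(user, password, secret, authenticator, ident=1) -> bytes:
    hidden = radius_hide_password(password, secret, authenticator)
    attrs = bytes([1, 2 + len(user)]) + user       # User-Name, sent in clear
    attrs += bytes([2, 2 + len(hidden)]) + hidden  # User-Password, hidden
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def tacacs_obfuscate(body, key, session_id, version, seq_no) -> bytes:
    """RFC 8907 section 4.5: XOR the whole body with a chained MD5 pad."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < len(body):
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return xor(body, pad)  # zip() truncates the pad to the body length

def tacacs_pap_start(user: bytes, password: bytes, port=b"tty0", rem_addr=b"") -> bytes:
    """Authentication START body for a PAP login; the password is the data field."""
    fixed = bytes([1, 1, 2, 1, len(user), len(port), len(rem_addr), len(password)])
    return fixed + user + port + rem_addr + password

# Constructed sample values (assumptions, not taken from the thread).
SECRET, USER, PASSWORD = b"s3cr3t-shared-key", b"netadmin", b"Example-Pass1"
AUTHENTICATOR = bytes(range(16))  # fixed for repeatability; random in real use
SESSION_ID, VERSION, SEQ_NO = 0x1A2B3C4D, 0xC1, 1

def sample_packets():
    radius = radius_access_request(USER, PASSWORD, SECRET, AUTHENTICATOR)
    clear_body = tacacs_pap_start(USER, PASSWORD)
    wire_body = tacacs_obfuscate(clear_body, SECRET, SESSION_ID, VERSION, SEQ_NO)
    return radius, clear_body, wire_body

if __name__ == "__main__":
    radius, clear_body, wire_body = sample_packets()
    print("RADIUS  user visible:", USER in radius, "password visible:", PASSWORD in radius)
    print("TACACS+ user visible:", USER in wire_body, "password visible:", PASSWORD in wire_body)
```

In both cases the protection is an MD5-derived pad keyed by the shared secret, so its strength depends on the length and secrecy of that secret.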




