keywords:
Bookmark and Share



Front Back
Functionality TACACS+
Separates AAA functions into
distinct elements. Authentication
is separate from authorization,
and both of those are separate
from accounting.
  Functionality RADIUS
Combines many of the
functions of authentication
and authorization together. Has
detailed accounting capability
when accounting is configured
for use.
Standard TACACS+
Cisco proprietary, but very well
known.
Standard RADIUS
Open standard, and supported
by nearly all vendors’ AAA
implementation.
L4 protocol TACACS+
TCP.
L4 protocol RADIUS
UDP.
Confidentiality TACACS+
All packets are encrypted
between the ACS server and the
router (which is the client).
Confidentiality RADIUS
Only the password is encrypted
with regard to packets sent back
and forth between the ACS
server and the router.
Granular command by
command authorization TACACS+
This is supported, and the rules
are defined on the ACS server
about which commands are
allowed or disallowed.
Granular command by
command authorization RADIUS
No explicit command
authorization checking rules
can be implemented.
Accounting TACACS+
Provides accounting support.
Accounting RADIUS
Provide accounting support,
and generally acknowledged
as providing more detailed or
extensive accounting capability
than TACACS+.
Network device groups
Groups of network devices, normally based on routers
or switches with similar functions/devices managed by
the same administrators.
Network devices (ACS clients/
routers/switches)
The individual network devices that go into the device
groups.
Identity groups (user/admin groups)
Groups of administrators, normally based on users
who will need similar rights and access to specific
groups of network devices.
User accounts
Individual administrator/user accounts that are placed
in identity groups.
Authorization profiles
These profiles control what rights are permitted. The
profile is associated with a network device group and a
user/administrator identity group.
x of y cards