AAA Functionality for CISCO Devices

Hi experts,

I have around 50 Cisco devices, including switches, routers, IDS, IPS and CiscoWorks.

I want to achieve AAA.

What solutions (free and commercial) are possible? I am already using LDAP for VPN users.

As far as I know, TACACS+ is Cisco proprietary. What else is there?
osloboy Asked:
Ernie Beek (Expert) Commented:
Well, of course you have LOCAL (but you don't want that for 50 devices :), RADIUS (which comes standard on, for example, Windows servers: IAS or NPS), SDI (RSA proprietary), LDAP (but you know that), NT domain (for use with older domains), Kerberos and HTTP form (can only be used for VPN user authentication).
Have a look at: http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/user/guide/aaasetup.html#wp1280273
osloboy (Author) Commented:
erniebeek:

Please give some more details, as the English is mixed up.

1) Kerberos and HTTP form (can only be used for VPN user authentication)???? Is it not recommended, or can we not use it at all?
Ernie Beek (Expert) Commented:
Not quite, did you have a look at the link I provided? It shows a nice overview.
HTTP form can only be used for VPN user authentication, so that is all you can use it for.
Kerberos can be used for authentication of VPN users, firewall sessions and administrators, but not for authorization or accounting.
osloboy (Author) Commented:
It's clear, thanks.

Just a layman's thought:

As TACACS+ is commercial, and in case of less $, what would be your second best choice?
Ernie Beek (Expert) Commented:
I'd say RADIUS. That gives you the most options and it is built into Windows servers: IAS (2003) or NPS (2008). So no need for extra $$ :)

osloboy (Author) Commented:
Great
Ernie Beek (Expert) Commented:
You're welcome, glad I could help :)

Thx for the points.
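
A router/switch configuration for the RADIUS option recommended in the thread, with the LOCAL database kept only as a fallback. This is an added example, not part of the original thread; the server name, group name, address and secrets are constructed placeholders, and the `radius server` syntax assumes IOS 15.x, so the ASA, IPS and CiscoWorks devices need their own equivalents.

```cisco
! Added example, not from the thread. Constructed values: server name NPS1,
! group NPS-RADIUS, address 192.0.2.10 (documentation range) and the
! <placeholders>. Assumes IOS 15.x "radius server" syntax.
aaa new-model
!
! Local break-glass account, used only when no RADIUS server answers
username breakglass privilege 15 secret <local-fallback-password>
!
radius server NPS1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <shared-secret>
 timeout 3
 retransmit 2
!
aaa group server radius NPS-RADIUS
 server name NPS1
!
! Authentication: RADIUS first; "local" is tried only when the server
! does not respond, not when it rejects the login
aaa authentication login default group NPS-RADIUS local
! Authorization: the server decides whether the user gets an exec shell
aaa authorization exec default group NPS-RADIUS local if-authenticated
! Accounting: record the start and stop of each exec session
aaa accounting exec default start-stop group NPS-RADIUS
!
line vty 0 4
 login authentication default
 transport input ssh
```

Keep an existing session open while testing a new login, so a mistake in the method list does not lock you out of the device.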