


Posted on 2011-10-24
Medium Priority
Last Modified: 2012-05-12
Hi, I just wanted some clarification on when to use AAA, or when there is no need to due to something else being used, I think?

I'm aware that I can configure AAA on Cisco routers - OK, all good.

I keep getting confused with the below, as I am sure I am wrong. I have read about these but can never remember what is what! Can anyone give me simple one-line answers? It would be appreciated.

- IAS - Internet Accelerated Server - Speeds up the Internet connection as well
- TACACS server - Another type of server similar to AAA - I think
- RADIUS Server - Deals with fault tolerance and not logons
- RRAS - I'm of the understanding this is used for VPNs or anyone logging on remotely unless they have a direct connection

Question by:mikey250

Accepted Solution

jmeggers earned 668 total points
ID: 37018813
I'll comment on TACACS and RADIUS.

RADIUS (Remote Authentication Dial-In User Service) is used for AAA -- authentication, authorization and accounting.  Depending on what you mean by not dealing with logons, that's incorrect, since it is used for authenticating and authorizing users logging into VPNs, wireless networks, etc.  Uses UDP ports 1645 and 1646 (old) and 1812 / 1813 (IANA).  The first port is used for authentication and authorization, while the second port is used for accounting.

TACACS (Terminal Access Controller Access-Control System) is also used for authenticating users, but it's mostly used for access control into network devices themselves (routers, switches, etc.) and not for authenticating access to network services (such as VPN authentication). Uses TCP port 49.

At least some servers (such as Cisco ACS) can do both RADIUS and TACACS.  There's a lot more specific information out there if you look for it.

Author Comment

ID: 37019258
Radius - My routers have the capability to be configured for AAA.

I think I remember looking into IAS and Radius on my Win 2003 server, which involved AAA, which confused me as to whether it could be configured on my routers and switches.  Do you have any input on this?

Tacacs - I've seen this in the workplace but no one could give me an exact answer like that.  What if a user wanted to log on from home or from some other place remotely in order that they could fix a problem with a router or switch?


Assisted Solution

ipajones earned 1332 total points
ID: 37019726
To clarify, AAA is not RADIUS.  AAA on a router can make use of a RADIUS server for the purposes of Authentication, Authorisation and Accounting.  AAA is simply how these 3 A's are set up on a Cisco router/switch.

TACACS, when configured, causes login authentication requests to the router/switch to be passed to a centralised TACACS server.  If a user can access the network device remotely, then the authentication request would be passed to the TACACS server from the network device just the same as if the user was directly connected.
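
The split described in the answers above, as an added example that is not part of the original thread: a Cisco IOS configuration in which AAA method lists send device logins to a TACACS+ server (the version of TACACS that IOS `group tacacs+` uses) and network-access users to a RADIUS server. Server names, list names, addresses and keys are placeholders, and the named-server syntax assumes a recent IOS release (older releases use `tacacs-server host` / `radius-server host`).

```cisco
! Constructed example: addresses (RFC 5737 range), names and keys are placeholders.
aaa new-model
!
! Local account: consulted only when no AAA server answers.
username localadmin privilege 15 secret <LOCAL-FALLBACK-SECRET>
!
! TACACS+ server for logins to the device itself (TCP port 49).
tacacs server TAC1
 address ipv4 192.0.2.10
 key <TACACS-SHARED-KEY>
!
! RADIUS server for network-access users, on the IANA ports.
radius server RAD1
 address ipv4 192.0.2.20 auth-port 1812 acct-port 1813
 key <RADIUS-SHARED-KEY>
!
aaa group server tacacs+ MGMT-TACACS
 server name TAC1
aaa group server radius NET-RADIUS
 server name RAD1
!
! Device administration: all three A's go to TACACS+, local as fallback.
aaa authentication login MGMT group MGMT-TACACS local
aaa authorization exec MGMT group MGMT-TACACS local
aaa accounting exec MGMT start-stop group MGMT-TACACS
!
! Network access (here PPP dial-in/VPN users): all three A's go to RADIUS.
aaa authentication ppp default group NET-RADIUS
aaa authorization network default group NET-RADIUS
aaa accounting network default start-stop group NET-RADIUS
!
! Console (directly connected) and vty (remote) sessions use the same lists,
! so a remote login is checked against the TACACS+ server in the same way.
line con 0
 login authentication MGMT
line vty 0 4
 login authentication MGMT
 authorization exec MGMT
 accounting exec MGMT
 transport input ssh
```

The `local` keyword is a fallback for an unreachable server only; a reject from the TACACS+ server is final and the local account is not tried.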


Author Comment

ID: 37019898
That's what I was wondering: if one device such as a router has the capability to be configured with AAA, does that mean the other is not used?  But OK, both!

Radius is presumably used just for 'Dial-up' capability only?

Assisted Solution

ipajones earned 1332 total points
ID: 37019964
No, actually RADIUS can be used for many different authentication requirements. I think it's just that it was originally created when remote access was largely Dial-In access.  In simple terms you can think of a RADIUS server as an external authentication source; it's just a way of supporting authentication requests being passed to another device which handles the authentication requests.

Author Comment

ID: 37029713
Hi ipajones, been doing some more reading yesterday and YouTube videos and beginning to understand better.

Also I kept getting confused with IAS & ISA, when it is IAS that features AAA.  I watched a video yesterday that used 2 servers to configure IAS/AAA & RRAS, so I'm beginning to understand now also.

thanks for your comments anyway and your comments for RADIUS...!

Author Comment

ID: 37029722
Oh, and Radius Server added also, i.e.

Server 01
Win 2003
Radius Server

Server 02
Win 2003
Public/Private addresses configured already

Expert Comment

ID: 37029915
No problem. Glad to have been of some help!

Author Closing Comment

ID: 37030035
Although I received good advice, I found a YouTube video that confirmed with more understanding the experts' advice.
