Solved

cisco aaa/windows radius server

Posted on 2013-01-31
Last Modified: 2013-06-05
I have used TACACS+ for AAA for Cisco equipment. I'm thinking about moving AAA to a Windows Radius server. Does anyone have any experience with this, and is this a good idea?
0
Question by:ShadowColossus
4 Comments
 
LVL 20

Expert Comment

by:rauenpc
ID: 38842304
I mostly use Radius, and it works just as well as TACACS+, although there are differences in what you can all do.

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml

It can be simple pass/fail user authentication for VPN/SSH, or it can even pass back information to specify which vpn group-policy should be applied to a user based on AD group membership. There are many other scenarios, but in the end it will be up to you to do your due diligence to research Radius with the features you are looking to achieve.
0
 
LVL 6

Expert Comment

by:gcl_hk
ID: 38843049
As I understand it, TACACS authorization can be more flexible on restrictions. For example, user A is able to apply the "shutdown" command and user B is not. (It's just an example; it can actually restrict a list of commands.)

Please correct me if I am wrong.
0
 

Author Comment

by:ShadowColossus
ID: 38845056
My setup for TACACS+ is used for AAA. So under authorization I do have an "acl" that permits what commands can be entered by certain users. I also have accounting, which collects which commands are entered by a user. I'm not familiar with whether Windows Radius can perform these tasks.
0
 
LVL 20

Accepted Solution

by:
rauenpc earned 300 total points
ID: 38845403
Radius might be able to do that, but tacacs is much better suited to authorize command sets.
0
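
The two approaches discussed in this thread, side by side as an added Cisco IOS configuration example (not posted by any participant): per-command authorization and accounting with TACACS+, and the usual RADIUS substitute of a privilege level returned at login with the command set defined locally on the device. The server names, the 192.0.2.x addresses, the key placeholder, the choice of level 7 and the NPS policy mentioned in the comments are assumptions.

```cisco
! ---- Option A: TACACS+ (server decides per command) ----
aaa new-model
tacacs server TAC-EXAMPLE
 address ipv4 192.0.2.10
 key EXAMPLE-SHARED-SECRET
!
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
! Every command at these levels is sent to the server for a permit/deny,
! so user A can be allowed "shutdown" while user B is refused.
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
! Also authorize commands typed in configuration mode.
aaa authorization config-commands
! Log each command entered, per user, on the server.
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
! ---- Option B: RADIUS / Windows NPS (decision made once, at login) ----
aaa new-model
radius server NPS-EXAMPLE
 address ipv4 192.0.2.20 auth-port 1812 acct-port 1813
 key EXAMPLE-SHARED-SECRET
!
aaa authentication login default group radius local
! The exec authorization reply carries the privilege level. Assumed NPS
! policy: AD group -> Cisco-AV-Pair "shell:priv-lvl=7" (or 15 for admins).
aaa authorization exec default group radius local
! Session start/stop records only; no per-command decision is requested here.
aaa accounting exec default start-stop group radius
!
! What a level-7 user may run is defined on each device, not on the server.
privilege exec level 7 show running-config
privilege exec level 7 configure terminal
privilege configure level 7 interface
privilege interface level 7 shutdown
```

With Option B the command list lives in every device's configuration, so a change to what an operator group may do means touching each device rather than one server policy.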

Question has a verified solution.