• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 488
  • Last Modified:

cisco aaa/windows radius server

I have used TACACS+ for AAA for Cisco Equipment. I'm thinking about moving AAA it to a Windows Radius server. Does anyone have any experience on this, and is this a good idea?
  • 2
1 Solution
I mostly use Radius, and it works just as well as TACACS+, although there are differences in what you can all do.


It can be simple pass/fail user authentication for VPN/SSH, or it can even pass back information to specify which vpn group-policy should be applied to a user based on AD group membership. There are many other scenarios, but in the end it will be up to you to do your due diligence to research Radius with the features you are looking to achieve.
As my understanding, TACACS authorization can do more flexible on restriction. for example, user A able to apply "shutdown" command and user B does not. (its just an example, actually can restrict a list of command)

Please correct me if I am wrong.
ShadowColossusAuthor Commented:
My setup for TACACS+ is used for AAA. So under authorization I do have an "acl" that permits what commands can be entered by certain users. I also have accounting which collects which commands entered by a user. I'm not familiar if Windows Radius can perform these task.
Radius might be able to do that, but tacacs is much better suited to authorize command sets.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now