• Status: Solved

Cisco AAA/Windows RADIUS server

I have used TACACS+ for AAA for Cisco equipment. I'm thinking about moving AAA to a Windows RADIUS server. Does anyone have any experience with this, and is this a good idea?
Asked by: ShadowColossus
 
rauenpc Commented:
I mostly use RADIUS, and it works just as well as TACACS+, although there are differences in what you can do.

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml

It can be simple pass/fail user authentication for VPN/SSH, or it can even pass back information to specify which VPN group-policy should be applied to a user based on AD group membership. There are many other scenarios, but in the end it will be up to you to do your due diligence to research RADIUS with the features you are looking to achieve.
 
gcl_hk Commented:
As I understand it, TACACS authorization can be more flexible on restrictions. For example, user A is able to apply the "shutdown" command and user B is not. (It's just an example; it can actually restrict a list of commands.)

Please correct me if I am wrong.
 
ShadowColossus (Author) Commented:
My setup for TACACS+ is used for AAA. So under authorization I do have an "acl" that permits what commands can be entered by certain users. I also have accounting, which collects which commands are entered by a user. I'm not familiar with whether Windows RADIUS can perform these tasks.
 
rauenpc Commented:
RADIUS might be able to do that, but TACACS is much better suited to authorize command sets.
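The difference the thread discusses, as an added Cisco IOS configuration sketch that is not from any of the posters: per-command authorization and accounting with TACACS+, next to the coarser privilege-level approach available with RADIUS. It assumes the TACACS+ or RADIUS servers are already defined on the device; privilege level 7 and the commands moved to it are illustrative choices.

```cisco
! ---- Option A: TACACS+ (the setup described in the question) ----
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
! Every level-15 command is sent to the TACACS+ server for a
! permit/deny decision, so user A can be allowed "shutdown"
! while user B is refused.
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
! Each command a user enters is logged on the server.
aaa accounting commands 15 default start-stop group tacacs+

! ---- Option B: RADIUS (for example, a Windows RADIUS server) ----
! Use instead of Option A, not together with it.
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local
aaa accounting exec default start-stop group radius
! RADIUS returns its attributes once, at login; the device does
! not consult the server per command. The usual substitute is a
! privilege level sent back by the server as the Cisco AV-pair
!   shell:priv-lvl=7        (level 7 is an assumed example)
! combined with local definitions of what that level may run:
privilege exec level 7 configure terminal
privilege configure level 7 interface
privilege interface level 7 shutdown
privilege interface level 7 no shutdown
```

With Option B the command set is defined on every device rather than centrally on the server, and session start/stop records replace the per-command log, so check both against your audit requirements before migrating.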
