ShadowColossus
asked on
cisco aaa/windows radius server
I have used TACACS+ for AAA for Cisco Equipment. I'm thinking about moving AAA it to a Windows Radius server. Does anyone have any experience on this, and is this a good idea?
As my understanding, TACACS authorization can do more flexible on restriction. for example, user A able to apply "shutdown" command and user B does not. (its just an example, actually can restrict a list of command)
Please correct me if I am wrong.
Please correct me if I am wrong.
ASKER
My setup for TACACS+ is used for AAA. So under authorization I do have an "acl" that permits what commands can be entered by certain users. I also have accounting which collects which commands entered by a user. I'm not familiar if Windows Radius can perform these task.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml
It can be simple pass/fail user authentication for VPN/SSH, or it can even pass back information to specify which vpn group-policy should be applied to a user based on AD group membership. There are many other scenarios, but in the end it will be up to you to do your due diligence to research Radius with the features you are looking to achieve.