Cisco CCNP Certification Exam Tutorial: Knowing RADIUS and TACACS+ For Your ISCW Exam
As part of your CCNP certification exam studies, particularly for the ISCW exam, you need to be very clear on the differences between TACACS+ and RADIUS. Learn all about these differences in this exclusive article!
As part of your CCNP certification exam studies, particularly for the ISCW exam, you need to be very clear on the differences between TACACS+ and RADIUS.
As a CCNA and future CCNP, you've already configured authentication in the form of creating a local database of usernames and passwords for both Telnet access and PPP authentication. This is sometimes called a self-contained AAA deployment, since no external server is involved.
It's more than likely that you'll be using a server configured for one of the following security protocols:
TACACS+, a Cisco-proprietary, TCP-based protocol
RADIUS, an open-standard, UDP-based protocol originally developed by the IETF
An obvious question is "If there's a TACACS+, what about TACACS?" TACACS was the original version of this protocol and is rarely used today.
Before performing AAA Authentication configuration, there are some other TACACS+ / RADIUS differences you should be aware of:
While TACACS+ encrypts the entire packet, RADIUS encrypts only the password in the initial client-server packet.
RADIUS actually combines the authentication and authorization processes, making it very difficult to run one but not the other.
TACACS+ considers Authentication, Authorization, and Accounting to be separate processes. This allows another method of authentication to be used (Kerberos, for example), while still using TACACS+ for authorization and accounting.
RADIUS does not support the Novell Async Services Interface (NASI) protocol, the NetBIOS Frame Protocol Control protocol, X.25 Packet Assembler / Disassembler (PAD), or the AppleTalk Remote Access Protocol (ARA or ARAP). TACACS+ supports all of these.
RADIUS implementations from different vendors may not work well together, or at all.
RADIUS can't control the authorization level of users, but TACACS+ can.
Source: Free Articles from ArticlesFactory.com
ABOUT THE AUTHOR
Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage (http://www.thebryantadvantage.com ), home of free CCNA and CCNP tutorials, and The Ultimate CCNA and CCNP Study Packages.
For free daily CCNA, CCNP, CCENT, and Microsoft Server 2008 and Vista certification questions, just visit the website and sign up for the daily newsletter or visit the site blog!