TACACS+ and RADIUS are security applications that provide centralized validation of users attempting to gain access to a router or network access server. Table 1 lists the main differences between TACACS+ and RADIUS:
| Feature | TACACS+ | RADIUS |
|---|---|---|
| Encryption | Packet fully encrypted | Password encrypted |
| Protocol | TCP | UDP |
| Standard | Cisco | Industry |
| AAA | Separate AAA | Combine AAA |
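The "Password encrypted" entry for RADIUS can be seen in a short added example (not part of the original page): it builds an Access-Request and hides the User-Password attribute as RFC 2865 section 5.2 specifies, while User-Name stays readable in the datagram. The shared secret, user name, password and fixed Request Authenticator are constructed sample values; a real client uses a random authenticator.

```python
import hashlib
import struct

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: XOR the null-padded password with an MD5 keystream."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    size = max(16, (len(password) + 15) // 16 * 16)  # at least one 16-octet block
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev  # each hidden block seeds the next MD5 input
    return out

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Reverse step, as done by the server holding the same shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(prev, key))
    return out.rstrip(b"\x00")

def attribute(attr_type: int, value: bytes) -> bytes:
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def access_request(ident, authenticator, user, password, secret) -> bytes:
    """Access-Request (code 1): User-Name (1) in clear, User-Password (2) hidden."""
    attrs = attribute(1, user) + attribute(2, hide_password(password, secret, authenticator))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def parse_attributes(packet: bytes) -> dict:
    """Read the attributes exactly as they appear in the UDP payload."""
    attrs, pos = {}, 20  # 20-octet header: code, id, length, authenticator
    while pos + 2 <= len(packet):
        attr_type, length = packet[pos], packet[pos + 1]
        if length < 2:
            raise ValueError("malformed attribute length")
        attrs[attr_type] = packet[pos + 2:pos + length]
        pos += length
    return attrs

# Constructed sample values (not from the page).
SECRET, AUTH = b"constructed-shared-secret", bytes(range(16))
if __name__ == "__main__":
    seen = parse_attributes(access_request(1, AUTH, b"alice", b"correct horse battery", SECRET))
    print("User-Name on the wire:    ", seen[1])
    print("User-Password on the wire:", seen[2].hex())
```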
To configure RADIUS or TACACS+, we first enable the new AAA model and then configure dot1x authentication:
Server Side
SW# conf t
SW(config)# aaa new-model
SW(config)# aaa authentication dot1x default group radius
SW(config)# dot1x system-auth-control
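! dot1x port-control is an interface-level command; <interface-id> is a placeholder for the port
SW(config)# interface <interface-id>
SW(config-if)# dot1x port-control {auto | force-authorized | force-unauthorized}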
Client Side
SW# conf t
SW(config)# aaa new-model
SW(config)# {radius-server | tacacs-server} host a.b.c.d key password
SW(config)# aaa authentication dot1x default group radius