TACACS+ and RADIUS are security applications that provide centralized validation of users attempting to gain access to a router or network access server. Table 1 lists the main differences between TACACS+ and RADIUS:

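Table 1: Main differences between TACACS+ and RADIUS

| Feature    | TACACS+                | RADIUS             |
|------------|------------------------|--------------------|
| Encryption | Packet fully encrypted | Password encrypted |
| Protocol   | TCP                    | UDP                |
| Standard   | Cisco                  | Industry           |
| AAA        | Separate AAA           | Combined AAA       |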
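
The Encryption row in practice, as an added example (not from the original post): RADIUS hides only the User-Password attribute, using the MD5-based scheme from RFC 2865 section 5.2, so User-Name and every other attribute stay readable on the wire. The shared secret, authenticator, user name and password below are constructed sample values.

```python
import hashlib
import struct

USER_NAME, USER_PASSWORD = 1, 2           # attribute types from RFC 2865
SECRET = b"constructed-shared-secret"     # constructed sample values
RA = bytes(range(16))                     # 16-byte Request Authenticator
USER, PW = b"alice", b"constructed-passphrase-123"

def _xor_chain(secret, authenticator, data, hiding):
    """b1 = MD5(S + RA), b_i = MD5(S + c_(i-1)); each 16-byte block is XORed with b_i."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(x ^ y for x, y in zip(block, pad))
        out += res
        prev = res if hiding else block   # the chain always runs over ciphertext
    return out

def hide_password(secret, authenticator, password):
    blocks = max(1, -(-len(password) // 16))          # at least one 16-byte block
    return _xor_chain(secret, authenticator, password.ljust(blocks * 16, b"\x00"), True)

def reveal_password(secret, authenticator, hidden):
    return _xor_chain(secret, authenticator, hidden, False).rstrip(b"\x00")

def build_access_request(ident, authenticator, secret, user, password):
    hidden = hide_password(secret, authenticator, password)
    attrs = b""
    for typ, val in ((USER_NAME, user), (USER_PASSWORD, hidden)):
        attrs += struct.pack("!BB", typ, len(val) + 2) + val
    # Code 1 = Access-Request; the 20-byte header itself is never encrypted
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def parse_attributes(packet):
    """Return {type: value} exactly as an observer without the secret sees it."""
    attrs, pos = {}, 20
    length = struct.unpack("!H", packet[2:4])[0]
    while pos + 2 <= length:
        typ, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs[typ] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs

if __name__ == "__main__":
    seen = parse_attributes(build_access_request(7, RA, SECRET, USER, PW))
    print("User-Name on the wire:    ", seen[USER_NAME])
    print("User-Password on the wire:", seen[USER_PASSWORD].hex())
    print("Recovered with the secret:", reveal_password(SECRET, RA, seen[USER_PASSWORD]))
```

TACACS+ applies its obfuscation to the whole packet body rather than to a single attribute, which is the contrast the table draws.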

To configure RADIUS or TACACS+, first we define a new model and then we use dot1x authentication:

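Server Side
SW# conf t
! Enable the AAA access-control model
SW(config)# aaa new-model
! Authenticate 802.1X users against the RADIUS server group
SW(config)# aaa authentication dot1x default group radius
! Enable 802.1X globally on the switch
SW(config)# dot1x system-auth-control
! Port control is set per interface; <interface-id> is a placeholder
SW(config)# interface <interface-id>
SW(config-if)# dot1x port-control (auto | force-authorized | force-unauthorized)
Client Side
SW# conf t
SW(config)# aaa new-model
! Point the switch at the AAA server; a.b.c.d and password are placeholders
SW(config)# (radius-server | tacacs-server) host a.b.c.d key password
SW(config)# aaa authentication dot1x default group radius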