Chapter 1 Overview of Cisco Secure ACS
AAA Server Functions and Concepts
1-6
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
AAA Protocols—TACACS+ and RADIUS
Cisco Secure ACS can use both the TACACS+ and RADIUS AAA protocols.
Table 1-1 compares the two protocols.
TACACS+
Cisco Secure ACS conforms to the TACACS+ protocol as defined by Cisco
Systems in draft 1.77. For more information, refer to the Cisco IOS software
documentation or Cisco.com (http://www.cisco.com).
RADIUS
Cisco Secure ACS conforms to the RADIUS protocol as defined in draft April
1997 and in the following Requests for Comments (RFCs):
• RFC 2138, Remote Authentication Dial In User Service
• RFC 2139, RADIUS Accounting
• RFC 2865
Table 1-1 TACACS+ and RADIUS Protocol Comparison
Point of Comparison TACACS+ RADIUS
Transmission Protocol TCP—connection-oriented transport
layer protocol, reliable full-duplex
data transmission
UDP—connectionless transport layer
protocol, datagram exchange without
acknowledgments or guaranteed
delivery
Ports Used 49 Authentication and Authorization:
1645 and 1812
Accounting: 1646 and 1813
Encryption Full packet encryption Encrypts only passwords up to 16
bytes
AAA Architecture Separate control of each service:
authentication, authorization, and
accounting
Authentication and authorization
combined as one service
Intended Purpose Device management User access control
To Next Page
Loading...
