RADIUS vs TACACS+

RADIUS uses UDP, so it needs retransmission attempts and timeouts to compensate for the best-effort transport.

TACACS+ uses TCP:

– an ACK arrives within the network round-trip time (RTT), regardless of how loaded and slow the backend authentication mechanism might be
– immediate indication of a crashed, or not running, server by a reset (RST);
    UDP cannot tell the difference between a server that is down, slow, or non-existent
– with TCP keepalives, server crashes can be detected out-of-band with actual requests; connections to multiple servers can be maintained simultaneously.

Packet encryption

RADIUS encrypts only the password in the Access-Request packet, from client to server.

TACACS+ has a header field that indicates whether the body is encrypted or not.
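
An added example (not part of the original notes) of the two points above: it builds a minimal RADIUS Access-Request to show that only User-Password is hidden while User-Name stays readable on the wire, and reads the flags byte of a TACACS+ header. It assumes the RFC 2865 section 5.2 hiding scheme and the RFC 8907 header layout; the user name, password, shared secret and authenticator are constructed sample values.

```python
import hashlib
import struct

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 sec. 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    blocks = max(1, -(-len(password) // 16))          # round up, at least one block
    padded = password.ljust(blocks * 16, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(user: bytes, password: bytes, secret: bytes,
                         authenticator: bytes, ident: int = 1) -> bytes:
    """Minimal Access-Request (code 1) with User-Name (1) and User-Password (2)."""
    attrs = b""
    for attr_type, value in ((1, user), (2, hide_password(password, secret, authenticator))):
        attrs += bytes([attr_type, len(value) + 2]) + value
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def radius_attributes(packet: bytes) -> dict:
    """Return {type: value} exactly as the bytes appear on the wire."""
    (end,) = struct.unpack("!H", packet[2:4])
    if end < 20 or end > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20
    while pos < end:
        if pos + 2 > end or packet[pos + 1] < 2 or pos + packet[pos + 1] > end:
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return attrs

def tacacs_body_is_obfuscated(header: bytes) -> bool:
    """Read the flags byte of the 12-byte TACACS+ header (RFC 8907 layout)."""
    if len(header) < 12:
        raise ValueError("short TACACS+ header")
    version, _type, _seq, flags, _session, _length = struct.unpack("!BBBBII", header[:12])
    if version >> 4 != 0xC:
        raise ValueError("not a TACACS+ packet")
    return not flags & 0x01       # 0x01 = TAC_PLUS_UNENCRYPTED_FLAG

# Constructed sample values, not taken from the page.
SECRET, AUTH = b"constructed-shared-secret", bytes(range(16))
PACKET = build_access_request(b"alice", b"constructed-pass", SECRET, AUTH)
```
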

RADIUS combines authentication and authorization.

TACACS+ separates AAA; it can use Kerberos to do authentication.

Permission is granted per particular command.

TODO: diameter
