RADIUS AND TACACS (AAA Server)

AAA (Authentication, Authorization, Accounting) Server

RADIUS Server is commonly used to authenticate users connecting to Wi-Fi, VPNs, or wired 802.1X networks.

When you connect to a corporate Wi-Fi and enter:

  • Username: rohith
  • Password: Cisco123

Username + Password
        ↓
Access Point (AP)
        ↓  RADIUS Request, UDP Port 1812
RADIUS Server (Cisco ISE / FreeRADIUS / Microsoft NPS)
        ↓  Accept / Reject
Access Point
        ↓
Laptop Connected

TACACS+ Server is typically used to authenticate and authorize network administrators logging into routers, switches, and firewalls. It also supports command-by-command authorization, making it well suited for managing administrative access.

Download the PuTTY tool.

SSH: secured login.

ssh -l admin 192.168.10.1   (admin is the username)

Enter the password.

Telnet: unsecured login.

No username and password.

Difference Between RADIUS and TACACS+

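| Feature        | RADIUS                                       | TACACS+                                              |
|----------------|----------------------------------------------|------------------------------------------------------|
| Protocol       | UDP                                          | TCP                                                  |
| Port           | 1812 (authentication), 1813 (accounting)     | 49                                                   |
| Encrypts       | Password only                                | Entire packet payload                                |
| Authentication | Yes                                          | Yes                                                  |
| Authorization  | Limited                                      | Granular command authorization                       |
| Accounting     | Yes                                          | Yes                                                  |
| Best Use       | Network access (Wi-Fi, VPN, 802.1X)          | Device administration (routers, switches, firewalls) |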
