Cisco Systems Servers Server User Manual


 
Chapter 1 Overview of Cisco Secure ACS
AAA Server Functions and Concepts
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
TACACS+
Cisco Secure ACS conforms to the TACACS+ protocol as defined by Cisco
Systems in draft 1.77. For more information, refer to the Cisco IOS software
documentation or Cisco.com (http://www.cisco.com).
RADIUS
Cisco Secure ACS conforms to the RADIUS protocol as defined in the April
1997 draft and in the following Requests for Comments (RFCs):
RFC 2138, Remote Authentication Dial In User Service
RFC 2139, RADIUS Accounting
RFC 2865
RFC 2866
RFC 2867
RFC 2868
The ports used for authentication and accounting have changed in RADIUS RFC
documents. To support both the older and newer RFCs, Cisco Secure ACS accepts
authentication requests on port 1645 and port 1812. For accounting,
Cisco Secure ACS accepts accounting packets on port 1646 and 1813.
Table 1-1 TACACS+ and RADIUS Protocol Comparison
TACACS+                                   | RADIUS
------------------------------------------+----------------------------------------------
TCP: Connection-oriented transport layer  | UDP: Connectionless transport layer protocol,
protocol, reliable full-duplex data       | datagram exchange without acknowledgments or
transmission                              | guaranteed delivery
Full packet encryption                    | Encrypts only passwords up to 16 bytes
Independent AAA architecture              | Authentication and authorization combined
Useful for router management              | Less intrinsically suited for router management