
RADIUS

RADIUS is a protocol that provides authentication, authorization, and accounting services and secures networks against unauthorized access, while TACACS+ is a proprietary Cisco protocol that provides centralized access control and authentication as well as authorization and accounting services separately.

Uploaded by

godwin dsouza

RADIUS:

o RADIUS stands for Remote Authentication Dial-In User Service.
o RADIUS is a security protocol that secures the network against unauthorized access.
o RADIUS clients run on network devices and send authentication requests to a centralized server.
o The RADIUS server holds network service access information and user authentication data.
o RADIUS does not allow control over which commands a user can or cannot execute.
o RADIUS does not support multiprotocol.
o RADIUS encrypts only the password in the Access-Request packet, from client to server.
o RADIUS uses UDP as its transport protocol, while TACACS+ uses TCP.
o RADIUS combines authentication and authorization.

TACACS+:
o TACACS+ stands for Terminal Access Controller Access Control System Plus.
o TACACS+ is a Cisco proprietary protocol that is used to deliver AAA security services.
o TACACS+ is an application that is implemented through AAA.
o TACACS+ provides centralized validation of users attempting to gain access to and control of a device.
o TACACS+ provides other access servers in the network as well.
o TACACS+ provides control over the authorization of router commands per user or per group.
o TACACS+ offers multiprotocol support.
o TACACS+ encrypts the entire body of the packet but leaves a standard TACACS+ header.

| RADIUS | TACACS+ |
|---|---|
| RADIUS uses UDP | TACACS+ uses TCP |
| Uses ports 1812/1645 for authentication and ports 1813/1646 for accounting | TACACS+ uses TCP port 49 |
| RADIUS encrypts passwords only | TACACS+ encrypts the entire communication |
| RADIUS combines authentication and authorization | TACACS+ treats authentication, authorization, and accounting separately |
| RADIUS is an open protocol | TACACS+ is a Cisco proprietary protocol |
| RADIUS is a light-weight protocol consuming fewer resources | TACACS+ is a heavy-weight protocol consuming more resources |
| RADIUS is limited to privilege mode | TACACS+ supports 15 privilege levels |
| Mainly used for network access | Mainly used for device administration |

1 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 056 430 3717


Configure RADIUS Authentication:
Click Device –> Server Profiles –> RADIUS –> Add and enter the details of your RADIUS server. Don’t forget to use the same secret key that is already set in the RADIUS configuration.
Profile Name: RADIUS-Pro (you can give any name you like). Check Administrator Use Only and choose CHAP as the Authentication Protocol. Click Add and type any name you like for the RADIUS server (I put RAD), type the RADIUS server IP 192.168.17.1, and type the shared secret key (in my case WinRadius). Leave the port at the default, 1812. Press OK to submit.

Click Device –> Authentication Profile –> Add. Set the type to ‘RADIUS’ and choose the server profile you created earlier. Give it any name you like (in my case RADIUS-Auth). Go to the Advanced tab, click the Add button, choose all, and click OK to submit.



Go to Device > Administrators



Create an administrator with the same name as on the RADIUS server (in my case ali), choose the authentication profile created earlier, and press OK to submit.

Click Device –> Setup –> Authentication Settings. Here you want to select the Authentication
Profile you created earlier. Note the failed attempts and lockout time options. Change these as
appropriate for your environment.



Finally, the administrator entry shows that the name is ali, the Role is Superuser, and the Authentication Profile is selected.

Commit the changes by clicking Commit in the top right corner to save the configuration.

Verification:
Try a wrong password and check the resulting System log entry on the Palo Alto Networks firewall. With the right password, the login succeeds and the corresponding log entries are listed under Monitor > Logs > System.

To troubleshoot, use a test command to check the authentication.


> test authentication authentication-profile ACS username <name> password
> test authentication authentication-profile RADIUS-Auth username ali password
Authentication succeeded for user "ali"
