Cisco Systems Servers User Manual

Chapter 1      Overview of Cisco Secure ACS
AAA Server Functions and Concepts
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
TACACS+
Cisco Secure ACS conforms to the TACACS+ protocol as defined by Cisco 
Systems in draft 1.77. For more information, refer to the Cisco IOS software 
documentation or Cisco.com (http://www.cisco.com).
RADIUS
Cisco Secure ACS conforms to the RADIUS protocol as defined in draft April 
1997 and in the following Requests for Comments (RFCs):
RFC 2138, Remote Authentication Dial In User Service
RFC 2139, RADIUS Accounting
RFC 2865
RFC 2866
RFC 2867
RFC 2868
The ports used for authentication and accounting have changed in RADIUS RFC 
documents. To support both the older and newer RFCs, Cisco Secure ACS accepts 
authentication requests on port 1645 and port 1812. For accounting, 
Cisco Secure ACS accepts accounting packets on port 1646 and 1813.
Table 1-1 TACACS+ and RADIUS Protocol Comparison

| TACACS+ | RADIUS |
|---------|--------|
| TCP: Connection-oriented transport layer protocol, reliable full-duplex data transmission | UDP: Connectionless transport layer protocol, datagram exchange without acknowledgments or guaranteed delivery |
| Full packet encryption | Encrypts only passwords up to 16 bytes |
| Independent AAA architecture | Authentication and authorization combined |
| Useful for router management | Less intrinsically suited for router management |