24.1.2 RADIUS and TACACS+
RADIUS and TACACS+ are security protocols used to authenticate users by means of an external
server instead of (or in addition to) an internal device user database that is limited to the memory
capacity of the device. In essence, RADIUS and TACACS+ authentication both allow you to validate
an unlimited number of users from a central location.
The following table describes some key differences between RADIUS and TACACS+.
Table 112 RADIUS vs TACACS+
Transport Protocol
Encryption
24.2 AAA Screens
The AAA screens allow you to enable authentication, authorization, accounting or all of them on the
Switch. First, configure your authentication and accounting server settings (RADIUS, TACACS+ or
both) and then set up the authentication priority, activate authorization and configure accounting
settings.
Click Advanced Application > AAA in the navigation panel to display the screen as shown.
Figure 177 Advanced Application > AAA
24.2.1 RADIUS Server Setup
Use this screen to configure your RADIUS server settings. See
information on RADIUS servers and
authentication and accounting features on the Switch. Click on the RADIUS Server Setup link in
the AAA screen to view the screen as shown.
Chapter 24 AAA
RADIUS
UDP (User Datagram Protocol)
Encrypts the password sent for
authentication.
Section 24.3 on page 261
GS3700/XGS3700 Series User's Guide
254
TACACS+
TCP (Transmission Control Protocol)
All communication between the client (the
Switch) and the TACACS server is encrypted.
Section 24.1.2 on page 254
for RADIUS attributes utilized by the
for more