AAA Services
RADIUS: Remote Authentication Dial-in User Service
- Port 1812 UDP for authentication
- Port 1813 TCP for accounting
- WPA Enterprise / WPA2 Enterprise both require a RADIUS server.
- RADIUS clients are also referred to as 802.1x clients.
- RADIUS is a client/server protocol.
- Communication between the client and the RADIUS server uses UDP
- RADIUS is vendor-neutral
- Only encrypts the passwords
Diameter
- Uses TCP for communication between client and server.
- Considered to be an improvement over RADIUS.
- Diameter also works with VoIP
- Used for both local and remote access
TACACS+: Terminal Access Controller Access-Control System Plus
- TACACS+ provides a more advanced AAA
- Three different servers: Authentication, Authorization, Accounting
- Communicates over TCP
- Uses Port 49 TCP
- Manages routers and switches (Network infrastructure devices)
- Encrypts the entire packet
- TACACS+ is a proprietary protocol