With a centralized database, we do not create a separate user login for each user.
Communication is client/server based: the AAA server authenticates the client login. The usernames and databases are kept on a centralized server called the AAA server. This frees the router from processing all of this.
Router --- <communicates with> ---- AAA Server
Router --- <makes request to> ---- AAA Server
AAA Server ---- <responds back to> ---- Router
This conversation takes place through RADIUS and TACACS servers.
RADIUS (Remote Authentication Dial-In User Service)
- It is an open standard method of communicating with AAA Server.
- It encrypts only the login password, while the rest of the communication between client and server is not encrypted.
- It uses UDP as its transport protocol, hence it is unreliable.
- It uses port 1812 for authentication and port 1813 for authorization.
- It is used for Authenticating end users.
TACACS (Terminal Access Controller Access Control System)
- It is a Cisco Proprietary method.
- It encrypts the entire communication between Client & Server.
- It uses TCP port 49 at layer 4.
- It has separate control for communication (for authenticating and authorizing).