AAA and 802.1X Authentication

Hi Francesco,

We use RADIUS and TACACS+ for both user authentication and management. For example, with wireless networks we use RADIUS for user authentication (WPA2-enterprise). This allows us to use client and server certificates and it’s a far more secure solution than using pre-shared keys only.

For network management, it’s useful since you can centralize all your authentication instead of creating usernames/passwords on each and every router, switch, firewall, etc on your network.

It’s used on local networks, the only time you might use it on the Internet is if you have a branch office and you want to use the RADIUS/TACACS+ server on the main site. In that case, you would use a VPN tunnel.

Rene