LDAP
petrovkazanksvu1, 2021-03-03 13:44:02

What is the most applicable authentication protocol for Cisco, Juniper routers?

Good day, all!
There is such a task:
Given: 1) 10-15 Cisco, Juniper routers
2) Astra Linux server software
AAA model.
I already rolled out FreeRADIUS there, attached a web interface, Russified it a little and REDISTERED it, everything works... it seems the task is completed, but there is one thing. It turns out that Cisco supports not only RADIUS and TACACS, but also LDAP and Kerberos. And I'm wondering whether it's worth the effort to try to authenticate through the server using the LDAP protocol and Kerberos, that is, we have a Cisco as the client and Astra Linux as the authentication server.
QUESTION: Have any of you set up remote authentication for Cisco routers via LDAP or Kerberos, and is it worth it? Or have you always used RADIUS or TACACS?


2 answer(s)
Valentine, 2021-03-03
@petrovkazanksvu1

provide authentication of all ciscos through the authentication server (Astra Linux), i.e. AAA model

  • What is the purpose of authentication? To control equipment or to provide access to the network?
  • Need only authentication? Authorization and accounting already done?

In general, small ones use RADIUS for access control, large ones use TACACS. TACACS is better in terms of separating authorization and authentication. That is, within an already authenticated session you can enter different commands, and the rights to run them are checked on the server. And behind TACACS there is already some other backend in the form of a database or Active Directory. On network equipment, usually no one sets up direct authentication against AD or Kerberos, because the protocols are poorly specified and little equipment supports them.
Whether you should do this for a diploma, no one knows except you. But in general, it is a dubious topic to defend at an educational institution.
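
The per-command authorization described in the answer above, as a Cisco IOS configuration sketch (an added example, not part of the original answer or the asker's setup). It assumes a TACACS+ daemon is running on the Astra Linux server; the server name `ASTRA-AAA`, group name `MGMT-TACACS`, address `192.0.2.10`, the `breakglass` account and the bracketed secrets are placeholders.

```cisco
! Added example: device-administration AAA over TACACS+.
! All names, the address and the secrets are placeholders.
aaa new-model
!
! Local break-glass account. A method list falls through to "local"
! only when the server does not answer, not when it rejects a login.
username breakglass privilege 15 secret <LOCAL-FALLBACK-SECRET>
!
tacacs server ASTRA-AAA
 address ipv4 192.0.2.10
 key <SHARED-SECRET>
!
aaa group server tacacs+ MGMT-TACACS
 server name ASTRA-AAA
!
! Authentication: who is logging in.
aaa authentication login default group MGMT-TACACS local
!
! Authorization: may this user get a shell, and at which privilege level.
aaa authorization exec default group MGMT-TACACS local
!
! Per-command authorization: every level 1 and level 15 command entered
! in the already authenticated session is sent to the server for a
! permit/deny decision.
aaa authorization commands 1 default group MGMT-TACACS local
aaa authorization commands 15 default group MGMT-TACACS local
! Extend the check to commands typed in configuration mode.
aaa authorization config-commands
!
! Accounting: record sessions and each privileged command.
aaa accounting exec default start-stop group MGMT-TACACS
aaa accounting commands 15 default start-stop group MGMT-TACACS
```

Keep an existing console or VTY session open while applying the authorization lines, and confirm a fresh login works before closing it.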

Vladimir Korotenko, 2021-03-03
@firedragon

LDAP or Kerberos

These are still Windows solutions (I know that they are not, but in this area). So think for yourself.
