Natr Brazell wrote: > Wasn't suggesting I'd use TACACS+. I am in the process of replacing my > customers existing TACACS+ architecture however they keep coming back to > the ability of TACACS+ over Radius to secure, or rather, not send > accounting data across the network in the clear. (I assume this is the > case) I think I'm going to have to address this over and over again.
The accounting data is sent in the clear on a LAN. This shouldn't be a problem. If you're sending accounting data across the Internet, use IPSec. Don't even pretend to use anything else. RADIUS (and TACACS+) security is simply not as good as IPSec. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
