On this forum, ACS should be mentioned (especially since this is an IE forum).
Geographically dispersed RADIUS or TACACS is highly recommended.
You didn't mention what it's for- dot1x or device administration? Either way, they both work, but you'll get more features (depending upon what you are using it for) with TACACS and AD integration. Make sure you use LOCAL at the end of your aaa statements in your configs as well.
Regards,
Jay McMickle CCIE #35355
Sent from my iPhone
On Apr 18, 2013, at 11:59 AM, Eduardo VC!zquez <evazquez_at_gmail.com> wrote:
> You can set up multiple RADIUS servers, but you must replicate your users
> some how on the servers. If you do RADIUS on windows, if the servers are
> part of the domain, they should be able to query their local domain
> controller for the information.
>
>
> On Thu, Apr 18, 2013 at 11:54 AM, Cisco Fanatic
> <ebay_products_at_hotmail.com>wrote:
>
>> Is RADIUS recommended as an authentication mechanism when you have HQ and
>> multiple remote sites?
>>
>> If sites are geographically dispersed does it means that the remote user
>> have
>> to authenciate itself to a RADIUS server in HQ? Will this not add to delays
>> over the WAN? What if we lose the server in HQ?
>>
>> -Yuri
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Thu Apr 18 2013 - 12:10:42 ART
This archive was generated by hypermail 2.2.0 : Wed May 01 2013 - 06:47:40 ART