An Overview of Portnox Cloud TACACS+ and Comparison with Cisco ISE and Other NAC Solutions

Portnox Cloud TACACS+:

Portnox provides a cloud-based TACACS+ solution that is integrated with RADIUS to deliver network access control across network access servers (NAS) and other infrastructure devices. This hybrid approach leverages the strengths of both protocols.

Key Components of Portnox Cloud TACACS+:

  • Portnox Cloud Platform: Centralized portal for access control policies and user identity management, integrating with Azure AD or Entra ID.
  • Cloud RADIUS Servers: Handle user identity validation and authentication.
  • Local TACACS+ Server: Deployed on-premises (VM/container or network), bridging devices with Portnox Cloud.
  • NAS/Network Devices: Configured for access management using Portnox Cloud TACACS+.

How Portnox Cloud TACACS+ Works:

  1. Authentication: User access requests to NAS devices are authenticated against Azure AD/Entra ID via Cloud RADIUS servers.
  2. Authorization and Accounting: Post-authentication, the local TACACS+ server enforces access policies, with the NAS device reporting user activity for auditing.
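The following is an added example, not Portnox or Cisco code: a small audit that checks whether a device configuration sends all three AAA functions described above to TACACS+ and flags method lists that fall back to `none`. It assumes Cisco IOS-style `aaa` lines (the page names no device OS), recognizes only the built-in `group tacacs+` method rather than named server groups, and runs on a constructed sample configuration.

```python
# Constructed sample: Cisco IOS-style AAA lines (device syntax is an assumption).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
"""

# AAA functions expected on the TACACS+ path, keyed to their IOS line prefix.
REQUIRED = {
    "authentication": "aaa authentication login",
    "authorization-exec": "aaa authorization exec",
    "authorization-commands": "aaa authorization commands",
    "accounting-exec": "aaa accounting exec",
    "accounting-commands": "aaa accounting commands",
}

def uses_tacacs(tokens):
    """True if the method list contains the token pair 'group tacacs+'."""
    return any(a == "group" and b == "tacacs+" for a, b in zip(tokens, tokens[1:]))

def audit_aaa(config):
    """Return {check: finding}; findings are ok, missing, allows-none, not-tacacs."""
    lines = [line.strip() for line in config.splitlines()]
    findings = {}
    for check, prefix in REQUIRED.items():
        # Method-list tokens for every line that configures this AAA function.
        methods = [l[len(prefix):].split() for l in lines if l.startswith(prefix + " ")]
        if not methods:
            findings[check] = "missing"        # function not configured at all
        elif any("none" in m for m in methods):
            findings[check] = "allows-none"    # access or logging can silently drop out
        elif not all(uses_tacacs(m) for m in methods):
            findings[check] = "not-tacacs"     # bypasses the central policy server
        else:
            findings[check] = "ok"
    return findings

if __name__ == "__main__":
    for check, finding in audit_aaa(SAMPLE_CONFIG).items():
        print(f"{check:24} {finding}")
```

On the sample, every check passes except command accounting, which is not configured, so per-command activity would not reach the central audit log.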

Benefits:

  • Unified policy management via cloud platform.
  • Strong multi-factor authentication through Cloud RADIUS.
  • Granular controls and session management with TACACS+.
  • Centralized logging and auditing.

Note, however, that Portnox’s solution is not 100% TACACS+: it is a hybrid system that integrates TACACS+ with other technologies, primarily cloud-based RADIUS services.

Cisco ISE Hybrid Configuration:

Cisco ISE can be similarly configured in a hybrid manner, using RADIUS for Azure AD/Entra ID integration for user authentication and TACACS+ for device administration. This provides flexible management of user access and network device administration, enhanced security, and comprehensive control and visibility.

Comparison with Other NAC Vendors:

Like Portnox, other Network Access Control (NAC) vendors often employ a mix of different protocols and solutions to cater to the diverse needs of network security. The choice to integrate RADIUS and TACACS+ or other technologies depends on specific network requirements, existing infrastructure, and security policies.

Conclusion:

Both Portnox Cloud TACACS+ and Cisco ISE demonstrate the evolving nature of network access control, moving towards flexible, hybrid solutions that integrate traditional protocols with modern cloud-based identity services. This trend reflects the broader NAC market, where customization and integration of various technologies are key to meeting complex security needs.