RADIUS (Remote Authentication Dial-in User Service) is all-vendor supported AAA protocol. RADIUS was first developed by Livingston Enterprises Inc in 1991, which later merged with Alcatel Lucent. RADIUS later became an Internet Engineering Task Force (IETF) standard. Some RADIUS server implementations use UDP port 1812 for RADIUS authentication and UDP port 1813 for RADIUS accounting. Some other implementations use UDP port 1645 for RADIUS authentication messages and UDP port 1646 for RADIUS accounting
TACACS+ is another AAA protocol. TACACS+ was developed by Cisco from TACACS (Terminal Access Controller Access-Control System, developed in 1984 for the U.S Department of Defense). TACACS+ uses TCP and provides separate authentication, authorization and accounting services. Port used by TACACS+ is TCP 49.
The RADIUS or TACACS+ protocol can provide a central authentication protocol to authenticate users, routers, switches or servers. If your network is growing and if you are are managing a large network environment, authentication using local device user database and authorization using privilege level 15 authorization is not a scalable solution. AAA (Authentication Authorization Accounting) protocol like RADIUS or TACACS+ can provide a better centralized authentication solution in a big enterprise network.
The main differences between RADIUS and TACACS+ can be tabulated as below.
|RADIUS uses UDP as Transport Layer Protocol
||TACACS+ uses TCP as Transport Layer Protocol
|RADIUS uses UDP ports 1812 and 1813 / 1645 and 1646
||TACACS+ uses TCP port 49
|RADIUS encrypts passwords only
||TACACS+ encrypts the entire communication
| RADIUS combines authentication and Authorization
||TACACS+ treats Authentication, Authorization, and Accountability differently
|RADIUS is an open protocol supported by multiple vendors
||TACACS+ is Cisco proprietary protocol
|RADIUS is a light-weight protocol consuming less resources
||TACACS+ is a heavy-weight protocol consuming more resources
|RADIUS is limited to privilege mode
||TACACS+ supports 15 privilege levels
|Mainly used for Network Access
||Mainly used for Device Administration