AAA RADIUS and TACACS+, Difference between RADIUS and TACACS+

RADIUS (Remote Authentication Dial-In User Service) is an AAA protocol supported by all vendors. RADIUS was first developed by Livingston Enterprises Inc. in 1991, which later merged with Alcatel Lucent. RADIUS later became an Internet Engineering Task Force (IETF) standard. Some RADIUS server implementations use UDP port 1812 for RADIUS authentication and UDP port 1813 for RADIUS accounting. Some other implementations use UDP port 1645 for RADIUS authentication messages and UDP port 1646 for RADIUS accounting.

TACACS+ is another AAA protocol. TACACS+ was developed by Cisco from TACACS (Terminal Access Controller Access-Control System, developed in 1984 for the U.S. Department of Defense). TACACS+ uses TCP and provides separate authentication, authorization and accounting services. TACACS+ uses TCP port 49.

The RADIUS or TACACS+ protocol can provide a central authentication protocol to authenticate users, routers, switches or servers. If your network is growing and you are managing a large network environment, authentication using the local device user database and authorization using privilege level 15 is not a scalable solution. An AAA (Authentication, Authorization, Accounting) protocol like RADIUS or TACACS+ can provide a better centralized authentication solution in a big enterprise network.

The main differences between RADIUS and TACACS+ are tabulated below.

| RADIUS | TACACS+ |
| --- | --- |
| RADIUS uses UDP as Transport Layer Protocol | TACACS+ uses TCP as Transport Layer Protocol |
| RADIUS uses UDP ports 1812 and 1813 / 1645 and 1646 | TACACS+ uses TCP port 49 |
| RADIUS encrypts passwords only | TACACS+ encrypts the entire communication |
| RADIUS combines Authentication and Authorization | TACACS+ treats Authentication, Authorization, and Accounting as separate services |
| RADIUS is an open protocol supported by multiple vendors | TACACS+ is a Cisco proprietary protocol |
| RADIUS is a light-weight protocol consuming fewer resources | TACACS+ is a heavy-weight protocol consuming more resources |
| RADIUS is limited to privilege mode | TACACS+ supports 15 privilege levels |
| Mainly used for Network Access | Mainly used for Device Administration |