
What is the difference between Tacacs and Radius



If you are a network administrator, you need to maintain complete control of your network devices, such as routers, switches and firewalls. It is also important to maintain compliance with regulations such as PCI, HIPAA and SOX.

RADIUS and TACACS+ are the main protocols typically used to provide Authentication, Authorization, and Accounting (AAA) services on network devices. RADIUS was designed to authenticate and log dial-up remote users to a network, and TACACS+ is used most commonly for administrator access to network devices like routers and switches. This is indicated in the names of the protocols. RADIUS stands for Remote Access Dial-In User Service, and TACACS+ stands for Terminal Access Controller Access Control Service Plus.

The primary functional difference between RADIUS and TACACS+ is that TACACS+ separates out the Authorization functionality, where RADIUS combines both Authentication and Authorization. Though this may seem like a small detail, it makes a world of difference when implementing administrator AAA in a network environment.

RADIUS doesn’t log the commands used by the administrator. It only logs the start, stop, and interim records of that session. This means that if two or more administrators are logged in at the same time, there is no way to tell from the RADIUS logs which administrator entered which commands.

The TACACS+ protocol was developed to resolve these issues. TACACS+ is a standard protocol developed by the U.S. Department of Defense, and later enhanced by Cisco Systems. TACACS+ separates out the authorization functionality, so it enables additional flexibility and granular access controls on who can run which commands on specified devices. Each command entered by a user is sent back to the central TACACS+ server for authorization, which then checks the command against an authorized list of commands for each user or group. TACACS+ can define policies based on user, device type, location, or time of day.
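The per-command check described above can be sketched as follows. This is an added example, not code from the original post or from any TACACS+ server; the users, groups, rules and the `authorize` and `audit` function names are constructed for illustration, and it models only the policy decision and the per-command record, not the TACACS+ wire protocol.

```python
import re

# Constructed sample policy (not from the post): each group has ordered rules,
# the first rule that matches decides, and anything unmatched is denied.
USERS = {"alice": "net-engineers", "bob": "noc-readonly"}
POLICY = {
    "noc-readonly": [
        {"action": "permit", "cmd": r"(show|ping) .*"},
    ],
    "net-engineers": [
        {"action": "deny", "cmd": r"(reload|erase|write erase)\b.*"},
        # Full access only on routers/switches during 08:00-17:59.
        {"action": "permit", "cmd": r".*",
         "device_types": {"router", "switch"}, "hours": (8, 18)},
        {"action": "permit", "cmd": r"show .*"},
    ],
}

def authorize(user, device_type, command, hour):
    """Decide one command request; returns 'permit' or 'deny'."""
    command = " ".join(command.split())  # normalise whitespace
    for rule in POLICY.get(USERS.get(user), []):
        if "device_types" in rule and device_type not in rule["device_types"]:
            continue
        if "hours" in rule and not (rule["hours"][0] <= hour < rule["hours"][1]):
            continue
        if re.fullmatch(rule["cmd"], command, re.IGNORECASE):
            return rule["action"]
    return "deny"  # unknown user or no matching rule

def audit(requests):
    """Return one record per command, tied to the user who entered it."""
    return [(user, dev, cmd, authorize(user, dev, cmd, hour))
            for user, dev, cmd, hour in requests]

# Constructed requests: two administrators active on the same router.
REQUESTS = [
    ("alice", "router", "configure terminal", 10),
    ("bob", "router", "show running-config", 10),
    ("bob", "router", "configure terminal", 10),
    ("alice", "router", "reload in 5", 10),
    ("alice", "firewall", "configure terminal", 10),
    ("alice", "router", "configure terminal", 22),
]

if __name__ == "__main__":
    for record in audit(REQUESTS):
        print(record)
```

Each record names the administrator, the device type, the command and the decision, which is the attribution that session-level start, stop and interim records cannot give.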

The TACACS+ service can be run on a Windows Domain Controller or PC and use the locally configured users and groups to control access to devices in your network.

RADIUS was designed for subscriber AAA, and TACACS+ is designed for administrator AAA.




Source of information :- http://tacacs.net/
