Similarities and Differences between RADIUS and TACACS

RADIUS and TACACS are protocols an AAA server uses to communicate with client devices and provide AAA services. Both protocols have many similarities and some differences. Learning these will help you choose the appropriate protocol for your AAA server.

Similarities between TACACS and RADIUS

  • Both are authentication protocols.
  • Both use a client/server architecture.
  • Both centralize the authentication process.
  • Both make management easy.
  • Both need a running AAA server in the network.

Functional similarities between TACACS and RADIUS

Both function similarly. Both use a client/server architecture. A client is a network device that supports authentication. A server is a system running the AAA service. When a user enters their login credentials on a client device, the client device forwards that information to the AAA server using the TACACS or RADIUS protocol. The AAA server checks its database to verify the received credentials. After checking them, it sends one of the following responses using the same protocol.

  • Accept: Username and password are correct. Allow the user to log in.
  • Reject: Username and password are invalid. Do not allow the user to log in.
  • Challenge: Needs additional information.
  • Change Password: Prompt the user to select a new password.

[Figure: AAA process]

Differences between TACACS and RADIUS

The following table compares TACACS with RADIUS and lists their differences.

| RADIUS | TACACS |
|---|---|
| It is an open-standard service. It works on all devices. | It is a Cisco proprietary service. It works only on Cisco devices. |
| It uses UDP to exchange information between the server and the client. | It uses TCP to exchange information between the server and the client. |
| It provides authentication and authorization. | It provides authentication, authorization, and accounting. |
| It encrypts only the password. It sends the remaining information in its original format. | It encrypts all information. |
| It is less secure than TACACS. | It is more secure than RADIUS. |
| It provides fewer features and functions than TACACS. | It provides more features and functions than RADIUS. |
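
The table's row on encryption can be checked on the wire. The following Python sketch is an added example, not part of the original tutorial: it builds a RADIUS Access-Request using the User-Password hiding scheme from RFC 2865 section 5.2 and shows that the username stays readable while only the password attribute is obscured. The shared secret, username, and password are constructed sample values.

```python
import hashlib
import os
import struct

USER_NAME, USER_PASSWORD = 1, 2  # RADIUS attribute types (RFC 2865)
ACCESS_REQUEST = 1               # RADIUS packet code

def _xor_chain(secret, authenticator, data, decrypt):
    """MD5 keystream chained over 16-byte blocks (RFC 2865 section 5.2)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        result = bytes(a ^ b for a, b in zip(block, key))
        prev = block if decrypt else result  # always chain on the ciphertext block
        out += result
    return out

def hide_password(password, secret, authenticator):
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    size = max(16, -(-len(password) // 16) * 16)  # null-pad to a multiple of 16
    return _xor_chain(secret, authenticator, password.ljust(size, b"\x00"), False)

def reveal_password(hidden, secret, authenticator):
    return _xor_chain(secret, authenticator, hidden, True).rstrip(b"\x00")

def build_access_request(identifier, username, password, secret, authenticator=None):
    authenticator = authenticator or os.urandom(16)
    hidden = hide_password(password, secret, authenticator)
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v
                     for t, v in ((USER_NAME, username), (USER_PASSWORD, hidden)))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator + attrs

def parse_attributes(packet):
    attrs, pos = {}, 20  # attributes start after the 20-byte header
    while pos + 2 <= len(packet) and packet[pos + 1] >= 2:
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return attrs

if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample values
    pkt = build_access_request(7, b"alice", b"constructed-password-123", secret)
    attrs = parse_attributes(pkt)
    print("User-Name on the wire:", attrs[USER_NAME])
    print("User-Password on the wire:", attrs[USER_PASSWORD].hex())
    print("Server recovers:", reveal_password(attrs[USER_PASSWORD], secret, pkt[4:20]))
```

Anyone capturing this packet sees the username and every other attribute as sent; the password's protection rests entirely on the shared secret and MD5, which is why the secret should be long and random.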

Conclusion

TACACS and RADIUS are remote authentication services. They allow us to authenticate users from a single location. RADIUS is an open-standard service. TACACS is a proprietary service. In this tutorial, we compared RADIUS with TACACS and learned their differences.
