Similarities and Differences between RADIUS and TACACS
RADIUS and TACACS are protocols that AAA servers use to communicate with client devices and provide AAA services. Both protocols have many similarities and some differences. Learning these will help you choose the appropriate protocol for your AAA server.
Similarities between TACACS and RADIUS
- Both are authentication protocols.
- Both use a client/server architecture.
- Both centralize the authentication process.
- Both make management easy.
- Both need a running AAA server in the network.
Functional similarities between TACACS and RADIUS
Both function similarly. Both use a client/server architecture. A client is a network device that supports authentication. A server is a system running the AAA service. When a user enters their login credentials on a client device, the device forwards the credentials to the AAA server via TACACS or RADIUS. The AAA server checks its database to verify the received credentials. After checking the received credentials, it sends one of the following responses using the same protocol.
| Accept | Username and password are correct. Allow the user to log in. |
| Reject | Username and password are invalid. Deny the user from logging in. |
| Challenge | Further authentication is required. |
| Change Password | Prompt the user to select a new password. |

Differences between TACACS and RADIUS
The following table compares TACACS with RADIUS and lists their differences.
| RADIUS | TACACS |
| It is an open-standard service. | It works on all devices. It is a Cisco proprietary service. It works only on Cisco devices. |
| It uses UDP to exchange information between the server and the client. | It uses TCP to exchange information between the server and the client. |
| It provides authentication and authorization. | It provides authentication, authorization, and accounting. |
| It encrypts only the password. | It sends the remaining information in its original format. It encrypts all information. |
| It is less secure than TACACS. | It is more secure than RADIUS. |
| It provides fewer features and functions than TACACS. | It provides more features and functions than RADIUS. |
Conclusion
TACACS and RADIUS are remote authentication services. They allow us to authenticate users from a single location. RADIUS is an open standards service. TACACS is a proprietary service. This tutorial compared RADIUS with TACACS and described their differences.
Author Laxmi Goswami Updated on 2026-05-06