TACACS and TACACS+ are two widely discussed protocols for remote authentication and access control. Let's briefly look at each before discussing their differences.

What is TACACS
TACACS (Terminal Access Controller Access-Control System) is defined in RFC 1492 and supports both TCP and UDP on port 49. TACACS permits a client to accept a username and password and send a query to a TACACS authentication server.
TACACS is a comparatively old protocol and is not compatible with its successor, TACACS+.
What is TACACS+
TACACS+ has replaced TACACS and improves on it by separating the functions of Authentication, Authorization and Accounting and by encrypting all traffic between the NAS and the daemon.
Further, TACACS+ is modular in design and supports plug-in authentication, authorization, and accounting schemes.
Difference between TACACS and TACACS+
TACACS and TACACS+ are both authentication protocols used for remote access control, but they have key differences:
1. Protocol Version
TACACS: The original version, developed in the 1980s.
TACACS+: A more advanced and enhanced version, developed by Cisco in the 1990s.
2. Encryption
TACACS: Encrypts only the password, leaving the rest of the packet (e.g., usernames, commands) in plaintext.
TACACS+: Encrypts the entire authentication packet, providing greater security.
3. Protocol Type
TACACS: Uses UDP (User Datagram Protocol) for communication.
TACACS+: Uses TCP (Transmission Control Protocol), ensuring more reliable data transmission.
4. Support for Authentication, Authorization, and Accounting (AAA)
TACACS: Primarily focused on authentication.
TACACS+: Fully supports all three AAA functions—authentication, authorization, and accounting—allowing for granular control over user access.
5. Vendor-Specific
TACACS: An older protocol, now mostly obsolete.
TACACS+: A Cisco-proprietary protocol, widely used in modern network security implementations.
6. Compatibility
TACACS: Not commonly used in modern networks.
TACACS+: Actively used in Cisco and non-Cisco network environments for secure access control.
Comparison Table: TACACS vs TACACS+
| PARAMETER | TACACS | TACACS+ |
| --- | --- | --- |
| Abbreviation for | Terminal Access Controller Access Control System | Terminal Access Controller Access Control System Plus |
| Standard | Open Standard | Cisco proprietary |
| Passwords | TACACS does not support prompting for a password change or for the use of dynamic password tokens. | TACACS+ provides for dynamic passwords, two-factor authentication and improved audit functions. |
| Protocols supported | Uses both TCP and UDP | Uses TCP |
| Ports | 49 | 49 |
| Incorporated in | 1984 | 1993 |
| Kerberos secret key authentication | Not supported | Supported |
Final Words
TACACS+ is a superior and more secure version of TACACS, offering full encryption, better reliability (via TCP), and comprehensive AAA support. If you are setting up network authentication, TACACS+ is the recommended choice.
Related FAQs
Q 1. Does TACACS+ encrypt all communication?
Yes, TACACS+ encrypts the entire authentication packet, ensuring secure transmission of sensitive user credentials and commands.
Q 2. What transport protocol does TACACS+ use?
TACACS+ uses TCP (Transmission Control Protocol), which provides more reliable communication compared to the UDP-based TACACS.
Q 3. Is TACACS+ an open standard?
No, TACACS+ is a Cisco-proprietary protocol, meaning it is mainly used in Cisco environments. However, it can be implemented in non-Cisco devices with proper support.
Q 4. What port does TACACS+ use?
TACACS+ uses TCP port 49 for communication.
Q 5. Can TACACS+ be used for network device authorization?
Yes, TACACS+ supports granular authorization, allowing administrators to control what specific users can do on network devices.
Q 6. What are the common use cases for TACACS+?
1. Secure access control for network administrators.
2. Centralized authentication for routers, switches, and firewalls.
3. Logging user activity for auditing and security compliance.
Q 7. Is TACACS+ still used today?
Yes, TACACS+ is widely used in enterprise networks, especially those with Cisco infrastructure, for secure authentication and authorization of network device access.
ABOUT THE AUTHOR

You can learn more about her on her LinkedIn profile: Rashmi Bhardwaj