TACACS vs TACACS+: What is the difference?

Rashmi Bhardwaj

TACACS and TACACS+ are two widely discussed protocols for remote authentication and access control. Let's briefly look at each before discussing their differences.

What is TACACS

TACACS (Terminal Access Controller Access-Control System) is defined in RFC 1492 and supports both TCP and UDP on port 49. TACACS permits a client to accept a username and password and send a query to a TACACS authentication server.

TACACS is a comparatively old protocol and is not compatible with its successor, TACACS+.

What is TACACS+

TACACS+ has replaced TACACS. Its benefits come from separating the functions of authentication, authorization and accounting, and from encrypting all traffic between the NAS (network access server) and the daemon.

Further, TACACS+ is modular in design and supports plug-in authentication, authorization, and accounting schemes.
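
What the protection of traffic between the NAS and the daemon looks like on the wire, as an added example that is not part of the original article: it follows the packet layout and body obfuscation of RFC 8907, where an MD5-derived pad is XORed over the packet body and the 12-byte header travels in clear. The shared key, session id and body bytes are constructed sample values, the body is treated as opaque bytes, and the function names are this example's own.

```python
import hashlib
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01  # flag bit from RFC 8907: body sent in clear
HEADER = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, length
TYPES = {1: "authentication", 2: "authorization", 3: "accounting"}


def pseudo_pad(header: bytes, key: bytes, length: int) -> bytes:
    """MD5 chain keyed by session_id + key + version + seq_no, cut to body length."""
    seed = header[4:8] + key + header[0:1] + header[2:3]
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()  # each block feeds the next
        pad += block
    return pad[:length]


def xor_body(header: bytes, body: bytes, key: bytes) -> bytes:
    """Obfuscation and de-obfuscation are the same XOR; a flagged packet is untouched."""
    if header[3] & TAC_PLUS_UNENCRYPTED_FLAG:
        return body
    return bytes(b ^ p for b, p in zip(body, pseudo_pad(header, key, len(body))))


def build_packet(ptype: int, seq_no: int, session_id: int, body: bytes,
                 key: bytes, flags: int = 0) -> bytes:
    header = HEADER.pack(0xC0, ptype, seq_no, flags, session_id, len(body))
    return header + xor_body(header, body, key)


def parse_packet(packet: bytes, key: bytes) -> dict:
    """Read the clear-text header, validate the length field, recover the body."""
    if len(packet) < HEADER.size:
        raise ValueError("shorter than the 12-byte TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(packet)
    if length != len(packet) - HEADER.size:
        raise ValueError("length field does not match the bytes received")
    return {"type": TYPES.get(ptype, "unknown"), "seq_no": seq_no,
            "session_id": session_id, "major_version": version >> 4,
            "clear_body": bool(flags & TAC_PLUS_UNENCRYPTED_FLAG),
            "body": xor_body(packet[:HEADER.size], packet[HEADER.size:], key)}


# Constructed sample values, not taken from any real deployment.
KEY = b"constructed-shared-secret"
BODY = b"constructed body: user=netadmin cmd=show running-config"
WIRE = build_packet(2, 1, 0x1A2B3C4D, BODY, KEY)

if __name__ == "__main__":
    print(parse_packet(WIRE, KEY))
    print(parse_packet(WIRE, b"wrong-key")["body"])  # header parses, body is noise
```

Parsing with the wrong key still returns the packet type, sequence number and session id, because those header fields are not covered by the pad; the confidentiality of the body rests entirely on the shared key configured on both the NAS and the daemon.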

Difference between TACACS and TACACS+

TACACS and TACACS+ are both authentication protocols used for remote access control, but they have key differences:

1. Protocol Version

TACACS: The original version, developed in the 1980s.
TACACS+: A more advanced and enhanced version, developed by Cisco in the 1990s.

2. Encryption

TACACS: Encrypts only the password, leaving the rest of the packet (e.g., usernames, commands) in plaintext.
TACACS+: Encrypts the entire authentication packet, providing greater security.

3. Protocol Type

TACACS: Uses UDP (User Datagram Protocol) for communication.
TACACS+: Uses TCP (Transmission Control Protocol), ensuring more reliable data transmission.

4. Support for Authentication, Authorization, and Accounting (AAA)

TACACS: Primarily focused on authentication.
TACACS+: Fully supports all three AAA functions—authentication, authorization, and accounting—allowing for granular control over user access.

5. Vendor-Specific

TACACS: An older protocol, now mostly obsolete.
TACACS+: A Cisco-proprietary protocol, widely used in modern network security implementations.

6. Compatibility

TACACS: Not commonly used in modern networks.
TACACS+: Actively used in Cisco and non-Cisco network environments for secure access control.

Comparison Table: TACACS vs TACACS+

| PARAMETER | TACACS | TACACS+ |
|---|---|---|
| Abbreviation for | Terminal Access Controller Access Control System | Terminal Access Controller Access Control System Plus |
| Standard | Open Standard | Cisco proprietary |
| Passwords | TACACS does not support prompting for a password change or for the use of dynamic password tokens. | TACACS+ provides for dynamic passwords, two-factor authentication and improved audit functions |
| Protocols supported | Uses both TCP and UDP | Uses TCP |
| Ports | 49 | 49 |
| Incorporated in | 1984 | 1993 |
| Kerberos secret key authentication | Not supported | Supported |

Final Words

TACACS+ is a superior and more secure version of TACACS, offering full encryption, better reliability (via TCP), and comprehensive AAA support. If you are setting up network authentication, TACACS+ is the recommended choice.

Q 1. Does TACACS+ encrypt all communication?

• Yes, TACACS+ encrypts the entire authentication packet, ensuring secure transmission of sensitive user credentials and commands.

Q 2. What transport protocol does TACACS+ use?

• TACACS+ uses TCP (Transmission Control Protocol), which provides more reliable communication compared to the UDP-based TACACS.

Q 3. Is TACACS+ an open standard?

• No, TACACS+ is a Cisco-proprietary protocol, meaning it is mainly used in Cisco environments. However, it can be implemented in non-Cisco devices with proper support.

Q 4. What port does TACACS+ use?

• TACACS+ uses TCP port 49 for communication.

Q 5. Can TACACS+ be used for network device authorization?

• Yes, TACACS+ supports granular authorization, allowing administrators to control what specific users can do on network devices.

Q 6. What are the common use cases for TACACS+?

• Secure access control for network administrators.
• Centralized authentication for routers, switches, and firewalls.
• Logging user activity for auditing and security compliance.

Q 7. Is TACACS+ still used today?

• Yes, TACACS+ is widely used in enterprise networks, especially those with Cisco infrastructure, for secure authentication and authorization of network device access.