What is a difference between TACACS+ and RADIUS in AAA?
Click on the arrows to vote for the correct answer
A. B. C. D.A
TACACS+ and RADIUS are both protocols used in AAA (Authentication, Authorization, and Accounting) for network devices. Although they both serve the same purpose, there are some differences between TACACS+ and RADIUS.
A. Only TACACS+ allows for separate authentication:
One key difference between TACACS+ and RADIUS is that only TACACS+ allows for separate authentication. In TACACS+, authentication and authorization are separated, which means that the device sends a separate authentication request and a separate authorization request to the TACACS+ server. This provides greater flexibility in terms of controlling access to network resources. In contrast, RADIUS combines authentication and authorization in a single packet.
B. Only RADIUS encrypts the entire access-request packet:
Another difference between TACACS+ and RADIUS is that only RADIUS encrypts the entire access-request packet. In RADIUS, the entire packet, including the authentication credentials, is encrypted before being sent to the RADIUS server. This provides greater security compared to TACACS+, where only the authentication credentials are encrypted.
C. Only RADIUS uses TCP:
One more difference between TACACS+ and RADIUS is that only RADIUS uses TCP. TCP is a connection-oriented protocol that provides reliable data delivery. In contrast, TACACS+ uses UDP (User Datagram Protocol), which is a connectionless protocol that does not provide reliable data delivery.
D. Only TACACS+ couples authentication and authorization:
Finally, only TACACS+ couples authentication and authorization. This means that TACACS+ combines authentication and authorization into a single packet. This can be useful in some situations, but it also means that TACACS+ lacks the flexibility of separate authentication and authorization requests provided by RADIUS.
In summary, TACACS+ and RADIUS are both protocols used in AAA, but they differ in several ways. Only TACACS+ allows for separate authentication, only RADIUS encrypts the entire access-request packet, only RADIUS uses TCP, and only TACACS+ couples authentication and authorization.