What is the difference between RADIUS and TACACS+?



RADIUS (Remote Authentication Dial-In User Service) and TACACS+ (Terminal Access Controller Access Control System Plus) are both protocols used for network access authentication and authorization. Although they serve a similar purpose, there are several differences between the two protocols.

  1. Authentication and Authorization Separation: TACACS+ separates authentication and authorization, allowing for more fine-grained control over access permissions. Authentication is the process of verifying the identity of a user, while authorization is the process of determining what resources a user can access. By separating the two processes, TACACS+ provides greater flexibility and control over network access.

RADIUS, on the other hand, merges authentication and authorization into a single process. While this approach is simpler and easier to manage, it can be less flexible and may not provide the same level of granularity as TACACS+.

  2. Encryption: Both RADIUS and TACACS+ support encryption, but they differ in the level of encryption provided. TACACS+ encrypts the entire payload, including both the username and password. RADIUS, on the other hand, only encrypts the password information.

  3. Command Logging: Another difference between RADIUS and TACACS+ is the type of command logging they provide. RADIUS logs all commands that are entered by the administrator, while TACACS+ only logs start, stop, and interim commands. This makes TACACS+ more suitable for environments where auditing is a top priority.

  4. Applicability: RADIUS is most commonly used for dial-up authentication scenarios, while TACACS+ can be used for a variety of network access types, including dial-up, SSH, and VPN.
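To make the encryption difference in the list above concrete, the following added example (not part of the original page) builds a RADIUS Access-Request as specified in RFC 2865 and a TACACS+ PAP authentication START as specified in RFC 8907, then checks which fields stay readable in each packet. The user name, password, shared secret, port name and session id are constructed sample values.

```python
import hashlib
import struct

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: only the User-Password value is hidden."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        # Each 16-byte block is XORed with MD5(secret + previous ciphertext block)
        prev = xor_bytes(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def radius_access_request(user: bytes, password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    hidden = radius_hide_password(password, secret, authenticator)
    # Attribute 1 = User-Name (sent as-is), attribute 2 = User-Password (hidden)
    attrs = b"".join(bytes([t, len(v) + 2]) + v for t, v in ((1, user), (2, hidden)))
    # Code 1 = Access-Request, identifier 1, total length, 16-byte Request Authenticator
    return struct.pack("!BBH", 1, 1, 20 + len(attrs)) + authenticator + attrs

def tacacs_obfuscate(body: bytes, secret: bytes, session_id: int, version: int, seq_no: int) -> bytes:
    """RFC 8907 section 4.5: the whole body is XORed with an MD5 pseudo-pad."""
    seed = struct.pack("!I", session_id) + secret + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < len(body):
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return xor_bytes(body, pad)  # zip() truncates the pad to the body length

def tacacs_pap_start(user: bytes, password: bytes, secret: bytes, session_id: int) -> bytes:
    port = b"tty0"
    # action=LOGIN(1), priv_lvl=1, authen_type=PAP(2), authen_service=LOGIN(1), then four length bytes
    body = bytes([1, 1, 2, 1, len(user), len(port), 0, len(password)]) + user + port + password
    version, seq_no = 0xC1, 1  # minor version 1 is used for PAP
    # The 12-byte header (version, type, seq_no, flags, session_id, length) is sent in the clear
    header = struct.pack("!BBBBII", version, 1, seq_no, 0, session_id, len(body))
    return header + tacacs_obfuscate(body, secret, session_id, version, seq_no)

# Constructed sample values, not taken from any real deployment.
USER, PASSWORD, SECRET = b"netadmin", b"S3cret-Pass!", b"shared-key"
RADIUS_PKT = radius_access_request(USER, PASSWORD, SECRET, bytes(range(16)))
TACACS_PKT = tacacs_pap_start(USER, PASSWORD, SECRET, 0x1A2B3C4D)

if __name__ == "__main__":
    for name, pkt in (("RADIUS", RADIUS_PKT), ("TACACS+", TACACS_PKT)):
        print(name, "username visible:", USER in pkt, "| password visible:", PASSWORD in pkt)
```

Both mechanisms derive their keystream from MD5 and the shared secret, and the TACACS+ header stays in cleartext, so the link between the device and the AAA server still needs its own protection.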

In summary, while both RADIUS and TACACS+ provide authentication and authorization services for network access control, they differ in several key areas. TACACS+ provides more granular control over access permissions, offers stronger encryption, and is better suited for auditing, while RADIUS is simpler to manage and is primarily used for dial-up authentication scenarios.