AAA Protocols : RADIUS and TACACS+

Networks need to be protected against unknown access. In other words, network administrators need to control which users can access the network. They need to check who the users are, what they are allowed to do and what they did. These three questions are the core of AAA (Authentication, Authorization, Accounting).

Authentication : Who are you?
Authorization : What are you allowed to do?
Accounting : What did you do?

There are several protocols for AAA (Authentication, Authorization, Accounting). In this lesson, we will talk about two of them: RADIUS and TACACS+. There is also another AAA protocol called “Diameter” that we will talk about later. Here, we will focus on RADIUS and TACACS+.

RADIUS is the abbreviation of “Remote Access Dial-In User Service” and TACACS+ is the abbreviation of “Terminal Access Controller Access-Control System”. As you can see, it is easier to use the abbreviations, and you will almost always come across the abbreviations rather than the full names.

You can find the main differences between RADIUS and TACACS+ in the table below. In the following RADIUS and TACACS+ lessons, we will discuss these AAA protocols and their characteristics in detail.

RADIUS and TACACS Usage

Generally, these two protocols are used at the same time in networks, because each has its own duties and all of these duties are very common in a network.

First of all, using RADIUS and TACACS+ together is common, but the recommended best practice is to run them on different servers in the network, because each protocol works differently and a network needs the duties of both of these important protocols. Here, one server is used as the RADIUS server and another as the TACACS+ server.

Secondly, the location of the RADIUS and TACACS+ servers is important. Users are in an untrusted network and want to enter the network via RADIUS; RADIUS is used to subscribe users to the network. Here, the RADIUS server can reside in a semi-trusted network.

Placement must be more secure for TACACS+. The TACACS+ server must be in a trusted network, because the TACACS+ server provides device authentication, and unwanted users can pose a potential risk to your network if your server resides in an untrusted network.
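The placement guidance above can be checked against a server inventory. The following is an added example, not part of the original lesson: the zone ranges, server names and addresses are constructed, and allowing RADIUS in the trusted zone as well as the semi-trusted one is an assumption.

```python
import ipaddress

# Constructed zone ranges (assumptions, not from the lesson).
ZONES = {
    "trusted": ipaddress.ip_network("10.10.0.0/16"),
    "semi-trusted": ipaddress.ip_network("172.16.50.0/24"),
}
# Zones each AAA role may live in; RADIUS in "trusted" is an assumption.
ALLOWED = {"tacacs+": {"trusted"}, "radius": {"semi-trusted", "trusted"}}

# Constructed sample inventory of AAA servers.
SAMPLE_INVENTORY = [
    {"name": "aaa-rad-1", "role": "radius", "ip": "172.16.50.10"},
    {"name": "aaa-tac-1", "role": "tacacs+", "ip": "10.10.1.5"},
    {"name": "aaa-tac-2", "role": "tacacs+", "ip": "172.16.50.11"},
    {"name": "aaa-rad-2", "role": "radius", "ip": "203.0.113.7"},
    {"name": "aaa-combo", "role": "radius", "ip": "10.10.1.9"},
    {"name": "aaa-combo", "role": "tacacs+", "ip": "10.10.1.9"},
]

def zone_of(ip):
    """Return the zone containing ip, or 'untrusted' if no zone matches."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "untrusted"

def audit(inventory):
    """Return sorted (target, finding) tuples for placement violations."""
    findings = []
    roles_by_ip = {}
    for srv in inventory:
        zone = zone_of(srv["ip"])
        roles_by_ip.setdefault(srv["ip"], set()).add(srv["role"])
        # Role placed in a zone the guidance does not allow for it.
        if zone not in ALLOWED[srv["role"]]:
            findings.append((srv["name"], f"{srv['role']} server in {zone} zone"))
    # Both protocols served from the same address (not on different servers).
    for ip, roles in roles_by_ip.items():
        if {"radius", "tacacs+"} <= roles:
            findings.append((ip, "RADIUS and TACACS+ share one server"))
    return sorted(findings)

if __name__ == "__main__":
    for target, finding in audit(SAMPLE_INVENTORY):
        print(f"{target}: {finding}")
```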
