TACACS+ Overview

What is TACACS+?

TACACS+ (Terminal Access Controller Access-Control System) is an AAA protocol developed by Cisco. Over time, TACACS+ became a standard protocol that is supported by all vendors. There is also another standard AAA protocol called RADIUS. If you would like to learn more about RADIUS, you can check the RADIUS Protocol lesson. You can also find the related RFC here.

The main duty of TACACS+ is device administration. It can also be used for network access. With this AAA protocol, network administrators are authenticated when they log in to network devices such as routers, switches, and firewalls.

AAA protocols can encrypt the full packet or only the passwords. TACACS+ provides full packet encryption: it encrypts the whole packet. RADIUS does not encrypt the full packet; it encrypts only the passwords. This makes TACACS+ a more secure AAA protocol than RADIUS.

TACACS+ is also a client/server protocol. For the different duties (Authentication, Authorization, Accounting), different messages are used between the server and the client. One side is the client and the other is the server. The messaging between these two ends builds the session.

TACACS+ uses TCP (Transmission Control Protocol) as its transport protocol. The TCP port used for this protocol is 49.
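
The packet protection and the per-duty message types described above, as an added example that is not part of the original lesson: per RFC 8907, the 12-byte header travels in clear and the body is XORed with an MD5-derived pad keyed by the shared secret. The key, session ID and body are constructed sample values, and `build_packet` and `parse_packet` are hypothetical helper names.

```python
import hashlib
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01  # RFC 8907: body is sent in clear when set
PACKET_TYPES = {1: "authentication", 2: "authorization", 3: "accounting"}
HEADER = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, length


def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 chain from RFC 8907, truncated to the body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()  # MD5_n covers MD5_{n-1}
        pad += block
    return pad[:length]


def xor(data, pad):
    return bytes(d ^ p for d, p in zip(data, pad))


def build_packet(ptype, seq_no, session_id, body, key, version=0xC0):
    """Hypothetical helper: 12-byte clear header followed by the obfuscated body."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return HEADER.pack(version, ptype, seq_no, 0, session_id, len(body)) + xor(body, pad)


def parse_packet(packet, key):
    """Hypothetical helper: decode the header, then recover the body."""
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(packet)
    if version >> 4 != 0xC:
        raise ValueError("major version must be 0xc")
    body = packet[HEADER.size:]
    if len(body) != length:
        raise ValueError("length field does not match body size")
    clear = bool(flags & TAC_PLUS_UNENCRYPTED_FLAG)  # worth alerting on in production
    if not clear:
        body = xor(body, pseudo_pad(session_id, key, version, seq_no, length))
    return {"type": PACKET_TYPES.get(ptype, "unknown"), "seq_no": seq_no,
            "session_id": session_id, "sent_in_clear": clear, "body": body}


if __name__ == "__main__":
    key = b"constructed-shared-secret"  # constructed sample value
    pkt = build_packet(1, 1, 0x1234ABCD, b"constructed START body", key)
    print(pkt[:12].hex(), parse_packet(pkt, key))
```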
