TACACS+ uses the Transmission Control Protocol (TCP) and RADIUS uses the User Datagram Protocol (UDP). Some administrators recommend using TACACS+ because TCP is seen as a more reliable protocol. Whereas RADIUS combines authentication and authorization in a user profile, TACACS+ separates the two operations.

| RADIUS | TACACS+ |
| --- | --- |
| Combines authentication & authorization. | Separates all 3 elements of AAA, making it more flexible. |
| Encrypts only the password. | Encrypts the username and password. |
| Requires each network device to contain | Central management for authorization configuration. |
| No command logging. | Full command logging. |
| Minimal vendor support for authorization. | Supported by most major vendors. |
| | TCP, connection oriented |
| UDP ports 1645/1646, 1812/1813 | TCP port 49 |
| Designed for subscriber AAA | Designed for administrator AAA |

Many vendors support the TACACS+ protocol, including Adtran, Alcatel/Lucent,
Brocade/Foundry, Cisco/Linksys, Ericsson/Redback, Extreme, Fortinet, Fujitsu, HP/3Com,
Huawei, Juniper/Netscreen, Netgear, Nortel, and others.
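
The difference in what each protocol encrypts, as an added example that is not part of the original page: RADIUS hides only the User-Password attribute value (RFC 2865, section 5.2), while TACACS+ obfuscates the whole packet body (RFC 8907, section 4.5), so the username is readable on the wire only in the RADIUS case. Both mechanisms are MD5-derived XOR pads keyed by the shared secret. The user name, password, shared key, authenticator and session values are constructed sample inputs.

```python
import hashlib
import struct

def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 sec. 5.2: hide the User-Password value with a chained MD5 pad."""
    n = max(1, -(-len(password) // 16)) * 16          # pad to a multiple of 16
    padded = password.ljust(n, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, n, 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev                                   # ciphertext block feeds the next pad
    return out

def radius_attrs(user: bytes, password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Access-Request attributes: User-Name (type 1) in clear, User-Password (type 2) hidden."""
    hidden = radius_hide_password(password, secret, authenticator)
    return bytes([1, 2 + len(user)]) + user + bytes([2, 2 + len(hidden)]) + hidden

def tacacs_obfuscate(body: bytes, key: bytes, session_id: int, version: int, seq_no: int) -> bytes:
    """RFC 8907 sec. 4.5: XOR the whole packet body with an MD5 pad (same call reverses it)."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < len(body):
        block = hashlib.md5(seed + block).digest()
        pad += block
    return bytes(b ^ k for b, k in zip(body, pad))

def tacacs_authen_start(user: bytes, password: bytes, port: bytes = b"tty0") -> bytes:
    """Cleartext authentication START body for a PAP login (password in the data field)."""
    # action=LOGIN, priv_lvl=1, authen_type=PAP, service=LOGIN, then the four length octets
    header = bytes([1, 1, 2, 1, len(user), len(port), 0, len(password)])
    return header + user + port + password

# Constructed sample values, not taken from any real deployment.
USER, PASSWORD, SECRET = b"admin", b"S3cret!pw", b"shared-key"
AUTHENTICATOR = bytes(range(16))
SESSION_ID, VERSION, SEQ_NO = 0x1A2B3C4D, 0xC1, 1

if __name__ == "__main__":
    radius = radius_attrs(USER, PASSWORD, SECRET, AUTHENTICATOR)
    tacacs = tacacs_obfuscate(tacacs_authen_start(USER, PASSWORD), SECRET, SESSION_ID, VERSION, SEQ_NO)
    print("RADIUS attributes:", radius.hex(), "| username visible:", USER in radius)
    print("TACACS+ body:     ", tacacs.hex(), "| username visible:", USER in tacacs)
```

The TACACS+ header (version, sequence number, session ID, length) stays in clear in both directions; only the body is covered by the pad.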