RADIUS and TACACS+ have which of the following in common? (Select the best answer.)
A. They communicate by using the same transport protocol.
B. They are AAA protocols.
C. They are Cisco-proprietary protocols.
D. They encrypt the entire packet.
Explanation:
Terminal Access Controller Access Control System Plus (TACACS+) and Remote Authentication Dial-In User
Service (RADIUS) are both Authentication, Authorization, and Accounting (AAA) protocols. However, there are
some important differences between TACACS+ and RADIUS.
TACACS+ encrypts the entire body of a packet and provides router command authorization capabilities.
TACACS+ is a Cisco-proprietary protocol that uses Transmission Control Protocol (TCP) for transport during
AAA operations. TACACS+ provides more security and flexibility than other authentication protocols, such as
RADIUS, which is an open standard protocol commonly used as an alternative to TACACS+. Because
TACACS+ can be used to encrypt the entire body of a packet, users who intercept the encrypted packet cannot
view the user name or contents of the packet. In addition, TACACS+ provides flexibility by separating the
authentication, authorization, and accounting functions of AAA. This enables granular control of access to
resources. For example, TACACS+ gives administrators control over access to configuration commands;
users can be permitted or denied access to specific configuration commands. Because of this flexibility,
TACACS+ is used with Cisco Secure Access Control Server (ACS), which is a software tool that is used to
manage user authorization for router access.
RADIUS was developed as an Internet Engineering Task Force (IETF) standard protocol. Like TACACS+,
RADIUS is a protocol used with AAA operations. However, RADIUS uses User Datagram Protocol (UDP) for
packet delivery and is less secure and less flexible than TACACS+. RADIUS encrypts only the password of a
packet; the rest of the packet would be viewable if the packet were intercepted by a malicious user. With
RADIUS, the authentication and authorization functions of AAA are combined into a single function, which limits
the flexibility that administrators have when configuring these functions. Furthermore, RADIUS does not provide
router command authorization capabilities.
Cisco: TACACS+ and RADIUS Comparison: Compare TACACS+ and RADIUS