Which of the following statements are true regarding TACACS+? (Select 2 choices.)
A. It encrypts the entire body of a packet.
B. It combines authorization and authentication functions.
C. It provides router command authorization capabilities.
D. It uses UDP for packet delivery.
E. It was developed as an IETF standard protocol.
Explanation:
Terminal Access Controller Access Control System Plus (TACACS+) encrypts the entire body of a packet and
provides router command authorization capabilities. TACACS+ is a Cisco-proprietary protocol that uses
Transmission Control Protocol (TCP) for transport during Authentication, Authorization, and Accounting (AAA)
operations. TACACS+ provides more security and flexibility than other authentication protocols, such as
Remote Authentication Dial-In User Service (RADIUS), which is an open standard protocol commonly used as
an alternative to TACACS+. Because TACACS+ can be used to encrypt the entire body of a packet, users who
intercept the encrypted packet cannot view the user name or contents of the packet. In addition, TACACS+
provides flexibility by separating the authentication, authorization, and accounting functions of AAA. This
enables granular control of access to resources. For example, TACACS+ gives administrators control over
access to configuration commands; users can be permitted or denied access to specific configuration
commands. Because of this flexibility, TACACS+ is used with Cisco Secure Access Control Server (ACS),
which is a software tool that is used to manage user authorization for router access.
RADIUS, not TACACS+, was developed as an Internet Engineering Task Force (IETF) standard protocol.
Like TACACS+, RADIUS is a protocol used with AAA operations. However, RADIUS uses User Datagram
Protocol (UDP) for packet delivery and is less secure and less flexible than TACACS+. RADIUS encrypts only
the password of a packet; the rest of the packet would be viewable if the packet were intercepted by a
malicious user. With RADIUS, the authentication and authorization functions of AAA are combined into a single
function, which limits the flexibility that administrators have when configuring these functions.
Furthermore, RADIUS does not provide router command authorization capabilities.

Cisco: TACACS+ and RADIUS Comparison: Compare TACACS+ and RADIUS