AAA
Comparing TACACS+ and RADIUS

While TACACS+ and RADIUS share much of the same functionality, there are several important differences between them. A network administrator should understand these differences in order to make the most appropriate choice in implementing one or both of them in a network. These differences are outlined in Figures and .

TACAC+ is generally considered superior because of the following reasons:

  • TACACS+ encrypts the entire TACACS+ packet, while RADIUS only encrypts the shared secret password portion.
  • TACACS+ separates authentication and authorization, making possible distributed security services.
  • RADIUS has limited name space for attributes.