TACACS+
Terminal Access Controller Access Control System Plus (TACACS+)
The Terminal Access Controller Access-Control System Plus (TACACS+) is a protocol developed by Cisco. It is derived from the TACACS protocol and, unlike RADIUS, handles authentication, authorization, and accounting (AAA) as separate functions. It is primarily used for device administration.
TACACS+ encrypts the entire communication between the client and server, including the user’s password, which protects it from sniffing attacks. It follows a client-server model in which the client (user or network device) requests a connection to a server, and the server authenticates the user by examining their credentials.
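An added example, not from the original page: a parser for the TACACS+ packet layout defined in RFC 8907, where a 12-byte header carrying the AAA packet type and flags precedes a body that is XORed with an MD5-derived pad keyed by the shared secret. The key, session ID and body bytes are constructed sample values, and `build_packet` is a hypothetical helper that exists only to produce input.

```python
import hashlib
import struct

# Field values from RFC 8907 (the TACACS+ specification).
TYPES = {1: "authentication", 2: "authorization", 3: "accounting"}
FLAG_UNENCRYPTED = 0x01  # TAC_PLUS_UNENCRYPTED_FLAG: body sent in cleartext
HEADER = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, length

def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5-chained pad: each hash covers the header fields, key and previous hash."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]

def xor_body(body, session_id, key, version, seq_no):
    """Obfuscation and de-obfuscation are the same XOR operation."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def parse_packet(packet, key):
    """Split a TACACS+ packet into header fields and a readable body."""
    if len(packet) < HEADER.size:
        raise ValueError("shorter than the 12-byte TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(packet)
    body = packet[HEADER.size:]
    if version >> 4 != 0xC or ptype not in TYPES or len(body) != length:
        raise ValueError("not a well-formed TACACS+ packet")
    cleartext = bool(flags & FLAG_UNENCRYPTED)
    if not cleartext:
        body = xor_body(body, session_id, key, version, seq_no)
    return {"type": TYPES[ptype], "seq_no": seq_no, "session_id": session_id,
            "cleartext_on_wire": cleartext, "body": body}

def build_packet(ptype, seq_no, session_id, body, key, flags=0):
    """Constructed sample sender used only to produce test input."""
    version = 0xC0  # major version 0xC, minor version 0
    wire = body if flags & FLAG_UNENCRYPTED else xor_body(body, session_id, key, version, seq_no)
    return HEADER.pack(version, ptype, seq_no, flags, session_id, len(body)) + wire

if __name__ == "__main__":
    KEY = b"constructed-shared-secret"  # sample value, not from the page
    pkt = build_packet(1, 2, 0x1A2B3C4D, b"constructed REPLY body", KEY)
    print(parse_packet(pkt, KEY))
    clear = build_packet(1, 2, 0x1A2B3C4D, b"constructed REPLY body", KEY, FLAG_UNENCRYPTED)
    print(parse_packet(clear, KEY)["cleartext_on_wire"])  # flag a monitor should alert on
```

A packet with the unencrypted flag set carries its body in the clear, so a monitor on TCP port 49 can treat that flag as an alert condition on production devices.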
- Authentication of TACACS+
Consider the following example of authentication, in which a laptop user connects to a network-attached storage (NAS, router). TACACS+ authentication involves the following steps:
Step 1: A user initiates the connection for authentication
Step 2: The router and the user exchange authentication parameters
Step 3: The router sends the parameters to the server for authentication
Step 4: The server responds with the REPLY message based on the provided information

- Remote user to AAA client and TACACS+ server

- Difference between RADIUS and TACACS+


TACACS+ uses Transmission Control Protocol (TCP) port 49 to communicate between the TACACS+ client and the TACACS+ server.