Tuesday, 13 March 2012


  • TACACS is defined in RFC 1492, and uses (either TCP or UDP) port 49 by default

  • TACACS+ is an entirely new protocol and not compatible with TACACS or XTACACS (Cisco proprietary extension to TACACS) 
  • TACACS+ uses only TCP (49)
  • TACACS+ encrypts the entire body of the packet but leaves a standard TACACS+ header. Within the header is a field that indicates whether the body is encrypted or not. All exchanges between the network access server and the TACACS+ daemon are encrypted.
  • RADIUS encrypts only the password in the access-request packet, from the client to the server. The remainder of the packet is unencrypted. Other information, such as username, authorized services, and accounting, can be captured by a third party. 

No comments:

Post a Comment