TACACS/+ Provides a way to centrally validate users attempting to gain access to a router or access server. TACAS+ provides a standard Method for managing dissimilar network access servers (NAS) from single set of management services. TACACS+ has three major components:
1) The protocol support within the Access servers and routers.
2) The protocol specification.
3) The centralized security database.
TACAS also has AAA Authentication Authorization Accounting. Forwards many types of username password info (ARA,Slip, PAP, CHAP, KCHAP)
Authorization has a mechanism which tells a access server which access list a user connected to a port uses.
Accounting: TACACs+ Provides Accounting Information to a database through TCP to ensure a more secure and complete accounting log, audit information and billing information.
Distinctions between Radius and TACAS:
1) Radius (UDP) TACAS+ TCP
2) TACACS+ separates authentication and authorization. Radius provides a user profile with auhentication that defines all the user specific parameters.
3) TACACS is typically used only for network devices, such as routers and switches, Radius is used by PC’s and network devices.