TACACS+

  • TACACS is defined in RFC 1492 and uses port 49 (either TCP or UDP) by default

  • TACACS+ is an entirely new protocol and is not compatible with TACACS or XTACACS (a Cisco proprietary extension to TACACS)
  • TACACS+ uses only TCP (port 49)
  • TACACS+ encrypts the entire body of the packet but leaves a standard TACACS+ header. Within the header is a field that indicates whether the body is encrypted or not. All exchanges between the network access server and the TACACS+ daemon are encrypted.
  • RADIUS encrypts only the password in the access-request packet, from the client to the server. The remainder of the packet is unencrypted. Other information, such as username, authorized services, and accounting, can be captured by a third party. 
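
The header flag mentioned above can be checked without knowing the shared secret, because the header stays in the clear. The following is an added example, not code from the original page: it assumes the 12-byte header layout, the unencrypted-flag value and the MD5-based body pad from RFC 8907, and the key, session id and body are constructed sample values.

```python
import hashlib
import struct

# Header layout and flag value follow RFC 8907 (assumption: not stated on the page).
TAC_PLUS_UNENCRYPTED_FLAG = 0x01   # set when the body travels in the clear
TYPES = {1: "authentication", 2: "authorization", 3: "accounting"}
HEADER = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, length
# Constructed sample values, not taken from any real device.
SAMPLE_KEY = b"constructed-shared-secret"
SAMPLE_BODY = b"user=alice;service=shell"


def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 chain that TACACS+ XORs over the body (RFC 8907 data obfuscation)."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def build_packet(ptype, seq_no, session_id, body, key=None):
    """Build a packet; key=None leaves the body clear and sets the header flag."""
    version = 0xC0
    flags = TAC_PLUS_UNENCRYPTED_FLAG if key is None else 0
    if key is not None:
        pad = pseudo_pad(session_id, key, version, seq_no, len(body))
        body = bytes(a ^ b for a, b in zip(body, pad))
    return HEADER.pack(version, ptype, seq_no, flags, session_id, len(body)) + body


def inspect_packet(packet, key=None):
    """Parse the clear header; un-XOR the body only when a key is supplied."""
    if len(packet) < HEADER.size:
        raise ValueError("shorter than the 12-byte TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(packet)
    body = packet[HEADER.size:]
    if (version >> 4) != 0xC or len(body) != length:
        raise ValueError("not a well-formed TACACS+ packet")
    cleartext = bool(flags & TAC_PLUS_UNENCRYPTED_FLAG)
    if not cleartext and key is not None:
        pad = pseudo_pad(session_id, key, version, seq_no, length)
        body = bytes(a ^ b for a, b in zip(body, pad))
    return {"type": TYPES.get(ptype, "unknown"), "seq_no": seq_no,
            "session_id": session_id, "cleartext_body": cleartext, "body": body}
```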