What is a difference between TACACS+ and RADIUS in AAA?
- Only TACACS+ allows for separate authentication.
- Only RADIUS encrypts the entire access-request packet.
- Only RADIUS uses TCP
- Only TACACS+ couples authentication and authorization.
Explanation: TACACS+ is an AAA protocol developed by Cisco. TACACS+ separates the authentication, authorization, and accounting steps. This architecture allows for separate authentication solutions while still using TACACS+ for authorization and accounting. For example, it is possible to use the Kerberos Protocol for authentication and TACACS+ for authorization and accounting. After an AAA client passes authentication through a Kerberos server, the AAA client requests authorization information from a TACACS+ server without the necessity to re-authenticate the AAA client by using the TACACS+ authentication mechanism.
Authentication and authorization are not separated in a RADIUS transaction. When the authentication request is sent to a AAA server, the AAA client expects to have the authorization result sent back in reply.
More Questions: CCNA v3.0 (200-125) Study Guide – Exam Dumps