Hello folks, as we know, both TACACS+ and RADIUS are used to authentication, authorization and accounting for the access users. There are many differences between them, we will introduce the difference between the TACACS+ and RADIUS protocol in this post.

RADIUS was only the AAA protocol used for dial-up users at the very beginning. As user access modes diversifies, such as Ethernet access, RADIUS can also be applied to these access modes. RADIUS provides the access service through authentication and authorization and records the network resource usage of users through accounting. It defines the UDP-based RADIUS packet format and transmission mechanism, and specifies UDP ports 1812 and 1813 as the default authentication and accounting ports respectively.

TACACS+ is introduced based on the TACACS which is a simpel UDP based access control protocol originally developed by BBN for the MILNET. TACACS+ uses TCP for its transport, while the UDP is used in RADIUS. This makes the TACACS+ more reliably than the RADIUS does.

Both TACACS+ and RADIUS protocols can implement authentication, authorization, and accounting. They are similar in that they both have the following characteristics based on client/Server model, share key used for encrypting user information has good flexibility and extensibility. On the other hand, there are many differences between the RADIUS and TACACS+. The following table lists the differences.

As the table lists, RADIUS use UDP protocol to transfer the packets, while it is TCP protocol for TACACS+, and in which situation there is another server status detection mechanism in RADIUS, while it’s not necessary for TACACS+.

On Huawei device, there is an another option HWTACACS+ which enhanced the TACACS and was similar to TACACS+.

That’s all for it, if you want to learn more, please visit our support website( CLICK HERE ) or Knowledge Base(CLICK HERE) to learn more troubleshooting cases