RADIUS and TACACS+ have which of the following in common? (Select the best answer.)
A. They communicate by using the same transport protocol.
B. They are AAA protocols.
C. They are Cisco-proprietary protocols.
D. They encrypt the entire packet.
Explanation:
Terminal Access Controller Access Control System Plus (TACACS+) and Remote Authentication Dial-In User Service (RADIUS) are both Authentication, Authorization, and Accounting (AAA) protocols. However, there are some important differences between TACACS+ and RADIUS.
TACACS+ encrypts the entire body of a packet and provides router command authorization capabilities.
TACACS+ is a Cisco-proprietary protocol that uses Transmission Control Protocol (TCP) for transport during AAA operations. TACACS+ provides more security and flexibility than other authentication protocols, such as RADIUS, which is an open standard protocol commonly used as an alternative to TACACS+. Because TACACS+ can be used to encrypt the entire body of a packet, users who intercept the encrypted packet cannot view the user name or contents of the packet. In addition, TACACS+ provides flexibility by separating the authentication, authorization, and accounting functions of AAA. This enables granular control of access to resources. For example, TACACS+ gives administrators control over access to configuration commands; users can be permitted or denied access to specific configuration commands. Because of this flexibility, TACACS+ is used with Cisco Secure Access Control Server (ACS), which is a software tool that is used to manage user authorization for router access.
RADIUS was developed as an Internet Engineering Task Force (IETF) standard protocol. Like TACACS+, RADIUS is a protocol used with AAA operations. However, RADIUS uses User Datagram Protocol (UDP) for packet delivery and is less secure and less flexible than TACACS+. RADIUS encrypts only the password of a packet; the rest of the packet would be viewable if the packet were intercepted by a malicious user. With RADIUS, the authentication and authorization functions of AAA are combined into a single function, which limits the flexibility that administrators have when configuring these functions. Furthermore, RADIUS does not provide router command authorization capabilities.
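The following added example (not part of the original explanation) builds a RADIUS Access-Request using the User-Password hiding defined in RFC 2865 and then parses it without the shared secret, showing that the user name is readable on the wire while only the password is protected. The shared secret, authenticator, user name and password are constructed sample values.

```python
import hashlib
import struct

ACCESS_REQUEST, USER_NAME, USER_PASSWORD = 1, 1, 2  # codes/types from RFC 2865

def _keystream_xor(data, secret, authenticator, hiding):
    """RFC 2865 section 5.2: XOR 16-byte blocks with MD5(secret + previous ciphertext block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        result = bytes(a ^ b for a, b in zip(block, pad))
        prev = result if hiding else block  # always chain on the ciphertext block
        out += result
    return out

def hide_password(password, secret, authenticator):
    n = max(1, -(-len(password) // 16)) * 16  # null-pad to a multiple of 16 octets
    return _keystream_xor(password.ljust(n, b"\x00"), secret, authenticator, True)

def unhide_password(hidden, secret, authenticator):
    # What the RADIUS server does; requires the shared secret.
    return _keystream_xor(hidden, secret, authenticator, False).rstrip(b"\x00")

def build_access_request(ident, authenticator, user, password, secret):
    attrs = b""
    for atype, value in ((USER_NAME, user),
                         (USER_PASSWORD, hide_password(password, secret, authenticator))):
        attrs += struct.pack("!BB", atype, len(value) + 2) + value
    # Header is code(1) + identifier(1) + length(2) + authenticator(16) = 20 octets.
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def parse_attributes(packet):
    """Return {type: value}: what an observer without the shared secret can read."""
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad packet length")
    attrs, pos = {}, 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs

# Constructed sample values (a real Request Authenticator is random per request).
SECRET, AUTH = b"constructed-shared-secret", bytes(range(16))
USER, PASSWORD = b"alice", b"correct horse battery"

if __name__ == "__main__":
    for atype, value in parse_attributes(build_access_request(7, AUTH, USER, PASSWORD, SECRET)).items():
        print(atype, value)
```
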
Reference:
Cisco: TACACS+ and RADIUS Comparison: Compare TACACS+ and RADIUS