Cisco CCNP Certification Exam Tutorial: Knowing RADIUS and TACACS+ For Your ISCW Exam

May 4 15:15 2008 Chris Bryant Print This Article

As part of your CCNP certification exam studies, particularly for the ISCW exam, you need to be very clear on the differences between TACACS+ and RADIUS.   Learn all about these differences in this exclusive article!

As part of your CCNP certification exam studies,Guest Posting particularly for the ISCW exam, you need to be very clear on the differences between TACACS+ and RADIUS.


As a CCNA and future CCNP, you've already configured authentication in the form of creating a local database of usernames and passwords for both Telnet access and PPP authentication.  This is sometimes called a self-contained AAA deployment, since no external server is involved.

It's more than likely that you'll be using a server configured for one of the following security protocols:

TACACS+, a Cisco-proprietary, TCP-based protocol

RADIUS, an open-standard, UDP-based protocol originally developed by the IETF

An obvious question is "If there's a TACACS+, what about TACACS?"  TACACS was the original version of this protocol and is rarely used today.

Before performing AAA Authentication configuration, there are some other TACACS+ / RADIUS differences you should be aware of:

While TACACS+ encrypts the entire packet, RADIUS encrypts only the password in the initial client-server packet.

RADIUS actually combines the authentication and authorization processes, making it very difficult to run one but not the other. 

TACACS+ considers Authentication, Authorization, and Accounting to be separate processes.   This allows another method of authentication to be used (Kerberos, for example), while still using TACACS+ for authorization and accounting.

RADIUS does not support the Novell Async Services Interface (NASI) protocol, the NetBIOS Frame Protocol Control protocol, X.25 Packet Assembler / Disassembler (PAD), or the AppleTalk Remote Access Protocol (ARA or ARAP).  TACACS+ supports all of these.

RADIUS implementations from different vendors may not work well together, or at all.

RADIUS can't control the authorization level of users, but TACACS+ can.

We’ll discuss the uses of both of these protocols in a future CCNP certification tutorial!   Look for more CCNA, CCENT, and CCNP tutorials right here on this same website!

Source: Free Guest Posting Articles from

About Article Author

Chris Bryant
Chris Bryant

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage ( ), home of free CCNA and CCNP  tutorials, and The Ultimate CCNA and CCNP Study Packages.


For free daily CCNA, CCNP, CCENT, and Microsoft Server 2008 and Vista certification questions, just visit the website and sign up for the daily newsletter or visit the site blog!

View More Articles