How does TACACS+ accounting work?

The TACACS+ protocol provides detailed accounting information and flexible administrative control over the authentication, authorization, and accounting process. TACACS+ uses Transmission Control Protocol (TCP) for its transport. TACACS+ provides security by encrypting all traffic between the NAS and the process.

What is accounting in Tacacs?

TACACS+ accounting allows network managers to log all the activity (commands) executed on the switch.

How do I configure TACACS+?

  1. 1 Configure the switches with the TACACS+ server addresses.
  2. 2 Set an authentication key.
  3. 3 Configure the key from Step 2 on the TACACS+ servers.
  4. 4 Enable authentication, authorization, and accounting (AAA).
  5. 5 Create a login authentication method list.
  6. 6 Apply the list to the terminal lines.

How does Cisco Tacacs work?

TACACS+ is a security application that provides centralized validation of users attempting to gain access to a router or network access server. TACACS+ services are maintained in a database on a TACACS+ daemon running, typically, on a UNIX or Windows NT workstation.

Is Radius better than Tcacs?

As TACACS+ uses TCP therefore more reliable than RADIUS. TACACS+ provides more control over the authorization of commands while in RADIUS, no external authorization of commands is supported. All the AAA packets are encrypted in TACACS+ while only the passwords are encrypted in RADIUS i.e more secure.

What is the difference between TACACS and TACACS+?

TACACS is a simple UDP-based access control protocol originally developed by BBN for MILNET. TACACS+ is an enhancement to TACACS and uses TCP to ensure reliable delivery. TACACS+ is an enhancement to the TACACS security protocol. TACACS+ is extensible to provide for site customization and future development features.

What is AAA in Cisco configuration?

This chapter describes authentication, authorization, and accounting (AAA, pronounced “triple A”). AAA is a a set of services for controlling access to computer resources, enforcing policies, assessing usage, and providing the information necessary to bill for services.

What is AAA authorization config commands?

Authorization of configuration mode commands is enabled using the aaa authorization config-commands command. command authorization configuration as it prevents the feature from being disabled to gain access to unauthorized exec mode commands. You can configure multiple TACACS+ servers for redundancy.

Who uses TACACS?

Terminal Access Controller Access Control System (TACACS+) is a Cisco proprietary protocol that is used for the communication of the Cisco client and Cisco ACS server. It uses TCP port number 49 which makes it reliable.


RADIUS is an AAA (authentication, authorization, and accounting) protocol that manages network access. RADIUS uses two types of packets to manage the full AAA process: Access-Request, which manages authentication and authorization; and Accounting-Request, which manages accounting.

What is AAA in networking?

Authentication, authorization, and accounting (AAA) is a security framework that controls access to computer resources, enforces policies, and audits usage.

Which is better TACACS+ or RADIUS?

How to configure a TACACS server in Cisco?

How to Configure TACACS 1 Identifying the TACACS Server Host. 2 Setting the TACACS Authentication Key. 3 Configuring AAA Server Groups. 4 Configuring AAA Server Group Selection Based on DNIS. 5 Specifying TACACS Authentication. 6 Specifying TACACS Authorization. 7 Specifying TACACS Accounting. 8 TACACS AV Pairs.

What are the accounting records in Cisco TACACS?

Accounting records include user identities, start and stop times, executed commands (such as PPP), number of packets, and number of bytes.

What is the AAA Accounting Command for TACACS?

For more information about using the aaa accounting command, refer to the “Configuring Accounting” chapter. The tacacs-server host command enables you to specify the names of the IP host or hosts maintaining a TACACS+ server. Because the TACACS+ software searches for the hosts in the order specified]

What do you need to know about TACACS +?

TACACS+ is a security application that provides centralized validation of users attempting to gain access to a router or network access server. TACACS+ provides detailed accounting information and flexible administrative control over authentication and authorization processes.