# RADIUS vs TACACS+

One-sentence definition: AAA protocols—**RADIUS** (UDP; network access) and **TACACS+** (TCP; device admin granularity).

## Key Facts

- RADIUS: combines authN/authZ; attribute-based policies; widely used with 802.1X.
- TACACS+: separates authN/authZ/accounting; per-command control for network devices.
- Encrypts: RADIUS only password; TACACS+ encrypts full payload.
- Use TLS variants (RadSec) where available; restrict by IP and shared secrets.
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Choose TACACS+ for command-level admin control; RADIUS for 802.1X.

**Mnemonic:** “**T**ACACS+ for **T**erminal (device) admin.”

## Mini Scenario

Q: Need per-command logging/authorization on routers—pick?

A: TACACS+.

## Revision Checklist

- Transport and encryption difference.
- Use-cases (NAC vs device admin).
- Hardening tips.

## Related

[[Wireless Authentication (EAP Methods)]] · [[Network Access Control (802.1X, NAC)]] · [[Secure Management and Out-of-Band (OOB)]] · [[SSH and Secure Remote Administration]] · [[Certificates, Revocation, and Pinning]] · [[Domain 4 - Index]]