TACACS+ (Terminal Access Controller Access-Control System Plus) is an AAA protocol created by Cisco. It helps manage secure access to network devices like routers, switches, and firewalls. While it was initially proprietary, TACACS+ is now widely supported by other vendors, making it a great choice for complex networks.
Purpose of TACACS+
TACACS+ is designed for detailed access control. Unlike other protocols, it separates the three AAA functions (Authentication, Authorization, and Accounting), giving administrators more control over user access, actions, and logs.
How TACACS+ Works
TACACS+ uses a client-server model with TCP on port 49 to ensure reliable and secure communication. Here’s how it works:

TACACS+ Client: The network device (for example, a router or switch) sends user login details to the TACACS+ server for verification.
TACACS+ Server: This is the central system that verifies user credentials, checks permissions, and logs all user actions.
Unlike RADIUS, TACACS+ encrypts all the data sent between the client and server, making it more secure for sensitive networks.
In TACACS+, the authentication process is fully encrypted, which protects all user details during transmission.

Authentication Workflow
Here’s how TACACS+ authenticates a user:
Authentication Request: The network device (client) sends the user’s login details to the TACACS+ server.
Server Response: The server checks the credentials and replies with either:
Accept: The user is granted access.
Reject: Access is denied if the credentials are incorrect.
This encryption ensures no sensitive data is exposed, even if someone intercepts the communication.
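The body protection described above, as an added example that is not part of the original lesson: a Python implementation of the packet-body obfuscation defined in RFC 8907 (an MD5-derived pad XORed over the body, keyed by the shared secret), which also shows that the 12-byte header travels in cleartext. The key, session ID and body are constructed sample values, and the function names are this example's own.

```python
import hashlib
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01  # header flag: body is sent in the clear


def pseudo_pad(session_id: bytes, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """MD5 chain from RFC 8907 section 4.5, truncated to the body length."""
    seed = session_id + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        # MD5_1 = MD5(seed); MD5_n = MD5(seed + MD5_(n-1))
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def transform_body(header: bytes, body: bytes, key: bytes) -> bytes:
    """XOR the body with the pad; the same call obfuscates and de-obfuscates."""
    version, _ptype, seq_no, flags, session_id, length = struct.unpack("!BBBB4sI", header)
    if length != len(body):
        raise ValueError("header length field does not match body size")
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        return body  # no shared secret in use: body is already plaintext
    pad = pseudo_pad(session_id, key, version, seq_no, length)
    return bytes(b ^ p for b, p in zip(body, pad))


def build_packet(ptype: int, seq_no: int, session_id: bytes, body: bytes, key: bytes) -> bytes:
    """Build a constructed packet: 12-byte cleartext header + obfuscated body."""
    # version 0xC0 = major version 0xC, minor version 0; flags 0x00 = body obfuscated
    header = struct.pack("!BBBB4sI", 0xC0, ptype, seq_no, 0x00, session_id, len(body))
    return header + transform_body(header, body, key)


# Constructed sample values (not from a real capture). The body is a
# placeholder string, not a real authentication START body layout.
SAMPLE_KEY = b"lab-shared-secret"
SAMPLE_BODY = b"user=alice pass=example"
SAMPLE_PACKET = build_packet(0x01, 1, b"\x12\x34\x56\x78", SAMPLE_BODY, SAMPLE_KEY)

if __name__ == "__main__":
    hdr, wire_body = SAMPLE_PACKET[:12], SAMPLE_PACKET[12:]
    print("header (cleartext):", hdr.hex())
    print("body on the wire:  ", wire_body.hex())
    print("body with key:     ", transform_body(hdr, wire_body, SAMPLE_KEY))
```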
Authorization
TACACS+ provides granular control over user actions:
Command-Level Authorization: Every command a user tries to execute is checked against their permissions.
Example: A user might be allowed to run show run to view the configuration but not use configure terminal to make changes.
This ensures users can only perform tasks they are authorized for, improving both security and accountability.
Accounting
TACACS+ keeps detailed logs of all user actions:
TACACS+
TACACS+ is an AAA protocol that provides secure authentication, detailed authorization, and full accounting for network device access. This lesson explains how TACACS+ works, how to configure it on Cisco devices, and why it is preferred in high-security environments.