Vol. 1 · Ed. 2026
CyberGlossary
Entry № 1253

TACACS+

Reviewed by Cybersecurity entrepreneur & security researcher

What is TACACS+?

TACACS+: An AAA protocol developed by Cisco that separates authentication, authorization, and accounting and encrypts the entire packet payload between client and server.


TACACS+ (Terminal Access Controller Access-Control System Plus) is widely used to manage administrative access to routers, switches, and other network devices. Unlike RADIUS, it runs over TCP and encrypts the full payload between the network access device and the AAA server, and it cleanly separates the three AAA functions — making per-command authorization practical. Administrators can be allowed or denied individual CLI commands based on role, with each action logged centrally. Modern deployments are migrating toward TACACS+ over TLS for stronger transport security. TACACS+ is the de-facto standard for device administration, while RADIUS dominates user/endpoint network access.
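What the payload protection described above looks like on the wire, following the 12-byte header and MD5-based body obfuscation specified in RFC 8907. This is an added example, not part of the original entry; the shared key, session ID and body string are constructed, and the body is a readable placeholder rather than a real authorization message encoding.

```python
import hashlib
import struct

HEADER = struct.Struct("!BBBBII")   # version, type, seq_no, flags, session_id, length
TYPES = {1: "authentication", 2: "authorization", 3: "accounting"}
UNENCRYPTED_FLAG = 0x01             # TAC_PLUS_UNENCRYPTED_FLAG in RFC 8907

def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 pad: chained MD5 over session_id, key, version, seq_no, previous digest."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, digest = b"", b""
    while len(pad) < length:
        digest = hashlib.md5(seed + digest).digest()
        pad += digest
    return pad[:length]

def obfuscate(body, session_id, key, version, seq_no):
    """XOR the body with the pad; the same call reverses it."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(a ^ b for a, b in zip(body, pad))

def build_packet(ptype, seq_no, session_id, body, key, flags=0, version=0xC0):
    """Assemble header + body; the body is obfuscated unless the flag says otherwise."""
    if not flags & UNENCRYPTED_FLAG:
        body = obfuscate(body, session_id, key, version, seq_no)
    return HEADER.pack(version, ptype, seq_no, flags, session_id, len(body)) + body

def inspect_packet(packet, key):
    """Parse the clear-text header, recover the body, and flag unprotected packets."""
    if len(packet) < HEADER.size:
        raise ValueError("shorter than the 12-byte TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(packet)
    body = packet[HEADER.size:]
    if version >> 4 != 0xC or len(body) != length:
        raise ValueError("not a well-formed TACACS+ packet")
    cleartext = bool(flags & UNENCRYPTED_FLAG)
    if not cleartext:
        body = obfuscate(body, session_id, key, version, seq_no)
    return {"type": TYPES.get(ptype, "unknown"), "seq_no": seq_no,
            "session_id": session_id, "cleartext_on_wire": cleartext, "body": body}

# Constructed sample values, not taken from any real deployment.
KEY = b"constructed-shared-secret"
BODY = b"service=shell cmd=show cmd-arg=running-config"
protected = build_packet(2, 1, 0x1A2B3C4D, BODY, KEY)
unprotected = build_packet(2, 1, 0x1A2B3C4D, BODY, KEY, flags=UNENCRYPTED_FLAG)
```

The header fields (type, sequence number, session ID) stay readable in both packets; a capture in which `cleartext_on_wire` is true means commands are crossing the network unprotected and the device or server configuration should be reviewed.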

Examples

  1. A network engineer's CLI session is authenticated and per-command authorized through TACACS+ before any change is applied.

  2. TACACS+ accounting records every command an admin runs on a core router for audit.

Frequently asked questions

What is TACACS+?

An AAA protocol developed by Cisco that separates authentication, authorization, and accounting and encrypts the entire packet payload between client and server. It belongs to the Network Security category of cybersecurity.

What does TACACS+ mean?

An AAA protocol developed by Cisco that separates authentication, authorization, and accounting and encrypts the entire packet payload between client and server.

How do you defend against TACACS+?

Defences for TACACS+ typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for TACACS+?

Common alternative names include: Terminal Access Controller Access-Control System Plus.
