A network administrator for a company that uses Cisco equipment needs to implement a centralized authentication solution. The requirements are that usernames and passwords are not configured locally on each device, and the entire authentication payload must be encrypted during transit. Which of the following protocols meets all these requirements?
Terminal Access Controller Access-Control System Plus (TACACS+) is a protocol that provides centralized Authentication, Authorization, and Accounting (AAA) services. It meets the stated security requirements by encrypting the entire body of the packet during transmission. In contrast, RADIUS is a similar AAA protocol but only encrypts the password field within the authentication packet, leaving the username and other data in cleartext. Kerberos is primarily used for service authentication in a domain environment, and Extensible Authentication Protocol (EAP) is an authentication framework, not a standalone AAA protocol for this specific use case.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the difference between TACACS+ and RADIUS?
Open an interactive chat with Bash
What does AAA stand for in networking and how does it work?