TACACS
TACACS (Terminal Access Controller Access-Control System) is an authentication, authorization, and accounting protocol widely used in network environments to manage access control for routers, switches, and other network devices. Operating on both TCP and UDP port 49, TACACS helps network administrators enforce centralized security policies, offering flexibility and granular access management for network users and administrators alike.
TACACS, or Terminal Access Controller Access-Control System, is a protocol that facilitates centralized user authentication for managing access to various network devices such as routers, switches, and firewalls. Primarily used in enterprise networks, it communicates over port 49 and supports both TCP and UDP transport layers. The protocol enables separation of the authentication, authorization, and accounting (AAA) functions, making it more flexible and manageable for administrators.
Several versions of TACACS have been developed over time. The original TACACS provided basic authentication, while extended TACACS added support for accounting services. The most prevalent today is TACACS+, a Cisco proprietary extension that encrypts the entire payload, whereas legacy TACACS typically transmits data unencrypted, making it less secure without additional safeguards. Despite these differences, port 49 remains the default communication port used across all TACACS versions.
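As an added example (not code from this page or from any TACACS implementation), the following Python sketch parses the 12-byte cleartext header that precedes every TACACS+ body and reports packets whose flag byte marks the body as sent in the clear. The header layout and flag value are taken from RFC 8907, not from the page; the sample packets are constructed.

```python
import struct

# Header layout and flag value follow RFC 8907 (TACACS+); they are not from the page.
TAC_PLUS_MAJOR_VER = 0xC
TAC_PLUS_UNENCRYPTED_FLAG = 0x01
PACKET_TYPES = {1: "authentication", 2: "authorization", 3: "accounting"}
HEADER = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, length


def parse_header(data: bytes) -> dict:
    """Parse the 12-byte cleartext TACACS+ header that precedes every body."""
    if len(data) < HEADER.size:
        raise ValueError("short packet: need 12 header bytes")
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(data)
    if version >> 4 != TAC_PLUS_MAJOR_VER:
        raise ValueError("not TACACS+ (major version nibble is not 0xC)")
    return {
        "type": PACKET_TYPES.get(ptype, "unknown"),
        "seq_no": seq_no,
        "session_id": session_id,
        "body_length": length,
        "cleartext_body": bool(flags & TAC_PLUS_UNENCRYPTED_FLAG),
    }


def audit(packets):
    """Return (session_id, type) for every packet whose body is sent in the clear."""
    findings = []
    for raw in packets:
        try:
            hdr = parse_header(raw)
        except ValueError:
            continue  # e.g. legacy TACACS or unrelated traffic on port 49
        if hdr["cleartext_body"]:
            findings.append((hdr["session_id"], hdr["type"]))
    return findings


# Constructed sample packets (header + dummy body), not real captures.
SAMPLES = [
    HEADER.pack(0xC0, 1, 1, 0x00, 0x1A2B3C4D, 4) + b"\x9f\x11\x02\x7c",
    HEADER.pack(0xC0, 2, 1, 0x01, 0x00000BAD, 4) + b"show",
    HEADER.pack(0xC1, 3, 1, 0x05, 0x00000042, 2) + b"ok",
    b"\x00\x01\x02",
]

if __name__ == "__main__":
    for sid, kind in audit(SAMPLES):
        print(f"session {sid:#010x}: {kind} body sent in the clear")
```

Because the header itself is never encrypted, this check works on captured port 49 traffic without knowledge of the shared secret.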
TACACS is widely integrated into network operating systems and security infrastructures due to its robust support for large-scale network access control. It supports detailed command authorization and accounting, allowing for full logging and detailed auditing of user activities. Its architecture decouples authentication from network device configuration, providing scalability benefits in complex enterprise networks.