To provide a centralized management system for authentication, authorization, and accounting (the AAA framework), an Access Control Server (ACS) is used. Two protocols are used for communication between the client and the ACS server: TACACS+ and RADIUS.

Terminal Access Controller Access Control System (TACACS+) is a Cisco proprietary protocol used for communication between a Cisco client and the Cisco ACS server. It uses TCP port number 49, which makes it reliable.

Remote Access Dial-In User Service (RADIUS) is an open standard protocol used for communication between any vendor's AAA client and the ACS server. If either the client or the server is from a vendor other than Cisco, RADIUS has to be used. It uses port number 1812 for authentication and authorization and 1813 for accounting.

The process is started by the Network Access Device (NAD), the client of TACACS+ or RADIUS. The NAD contacts the TACACS+ or RADIUS server and transmits the authentication request (username and password) to it. First, the NAD obtains the username prompt and transmits the username to the server; it then contacts the server again to obtain the password prompt and sends the password to the server.

The server replies with an access-accept message if the credentials are valid; otherwise it sends an access-reject message to the client. Beyond this, authorization and accounting differ between the two protocols, because authentication and authorization are combined in RADIUS.