I see implied comments regarding a difference in architecture between how radius views a NAS vs. how TACACS+ does. Is there anyone who is intimately familiar with call flow of each protocol who can comment on how this is different? Is there a difference in what functional part acts as the authenticator?
What so ever be the method of authentication there is no change in the role Authenticator performs. Refer the case study in the link http://cisco.com/en/US/products/hw/univgate/ps501/products_case_study_chapter09186a00800ee06a.html#xtocid3 for more information.