TACACS+ is used for device administration, especially for GUI and CLI access to infrastructure platforms such as Cisco Catalyst 9800 WLCs, switches, and routers. Cisco defines TACACS+ as a security application that provides centralized validation for users attempting to access a device or network access server, and it separates authentication, authorization, and accounting functions for administrative control. Cisco ISE device administration documentation further states that TACACS+ is used to control and audit network device configuration, allowing devices to query ISE for administrator authentication and authorization while sending accounting records for logging administrator actions.

Therefore, the primary benefit is streamlined administrator access across platforms. Instead of maintaining local administrator accounts independently on every WLC or network device, TACACS+ enables centralized identity validation, role-based authorization, and consistent audit trails. Option A is incorrect because TACACS+ supports differentiated authorization rather than static grouping. Option B is the opposite of centralized accounting. Option D is inaccurate because TACACS+ is mainly for device administration, whereas client or endpoint network access is typically handled with RADIUS. Reference topics:Wireless Monitoring and Management — AAA for WLC administration, TACACS+ device administration, role-based access, and centralized audit control.