Cisco routers support AAA either through local databases (using the username/password command) or through external security servers. External security servers can use one of two protocols:
■ TACACS+—Runs over TCP port 49. Includes authentication and encryption of messages between the client and server.
■ RADIUS—Widely supported, standardized in RFC 2865. Cisco allows the use of proprietary TACACS+ attributes via a vendor-specific attribute (VSA). Runs over UDP. Does not encrypt entire message; passwords are sent as an MD5 hash, but the rest of the message is sent in clear text.
Was this article helpful?