Authentication is an important part of security. Cisco uses the RADIUS or TACACS+ authentication protocols.
What's new for RADIUS? A new protocol called Diameter.
The name is a pun on the RADIUS protocol, which is the predecessor (a diameter is twice the radius). Diameter is not directly backwards compatible, but provides an upgrade path for RADIUS. The main differences are as follows:
– Reliable transport protocols (TCP or SCTP, not UDP).
– The IETF is in the process of standardizing TCP transport for RADIUS.
– Diameter is not fully compatible with RADIUS, and the IETF is in the process of standardizing Diameter.
– Diameter uses a larger address space for attribute-value pairs (AVPs) and identifiers: 32 bits long rather than 8 bits in RADIUS.
RADIUS had issues with reliability, scalability, security and flexibility. RADIUS cannot deal effectively with remote access, IP mobility and policy control. The Diameter protocol defines a policy protocol used by clients to perform Policy, AAA and Resource Control. This allows a single server to handle policies for many services.
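To make the 8-bit versus 32-bit attribute space concrete, the following added example (not from the original post) parses one RADIUS attribute and a run of Diameter AVPs with the bounds checks a decoder needs. The header layouts follow RFC 2865 and RFC 6733; the function names, the AVP code 70000 and the Vendor-Id 99999 are constructed for illustration.

```python
import struct

def parse_radius_attr(buf, off=0):
    """RADIUS attribute (RFC 2865): 1-byte type, 1-byte length, value."""
    if len(buf) - off < 2:
        raise ValueError("truncated RADIUS attribute header")
    atype, length = struct.unpack_from("!BB", buf, off)
    # Length counts the 2 header bytes, so a value is at most 253 bytes.
    if length < 2 or off + length > len(buf):
        raise ValueError("RADIUS attribute length out of bounds")
    return {"type": atype, "value": buf[off + 2:off + length]}, off + length

def parse_diameter_avp(buf, off=0):
    """Diameter AVP (RFC 6733): 4-byte code, 1-byte flags, 3-byte length."""
    if len(buf) - off < 8:
        raise ValueError("truncated Diameter AVP header")
    code, flags_len = struct.unpack_from("!II", buf, off)
    flags, length = flags_len >> 24, flags_len & 0xFFFFFF
    hdr, vendor = 8, None
    if flags & 0x80:  # "V" bit: a 4-byte Vendor-Id follows the length
        if len(buf) - off < 12:
            raise ValueError("truncated Vendor-Id")
        (vendor,) = struct.unpack_from("!I", buf, off + 8)
        hdr = 12
    padded = (length + 3) & ~3  # data is padded to a 4-byte boundary
    # Reject lengths that undercut the header or run past the buffer.
    if length < hdr or off + padded > len(buf):
        raise ValueError("Diameter AVP length out of bounds")
    avp = {"code": code, "flags": flags, "vendor": vendor,
           "data": buf[off + hdr:off + length]}
    return avp, off + padded

def parse_diameter_avps(buf):
    """Walk a buffer of back-to-back AVPs."""
    avps, off = [], 0
    while off < len(buf):
        avp, off = parse_diameter_avp(buf, off)
        avps.append(avp)
    return avps

# Constructed samples: User-Name "alice" in both encodings, plus a
# vendor AVP whose code (70000) and Vendor-Id (99999) are made up.
RADIUS_SAMPLE = bytes([1, 7]) + b"alice"
DIAMETER_SAMPLE = (
    struct.pack("!II", 1, (0x40 << 24) | 13) + b"alice" + b"\x00" * 3
    + struct.pack("!III", 70000, (0xC0 << 24) | 16, 99999) + b"\x00\x00\x00\x01"
)

if __name__ == "__main__":
    print(parse_radius_attr(RADIUS_SAMPLE)[0], parse_diameter_avps(DIAMETER_SAMPLE))
```

The same User-Name value costs 7 bytes in RADIUS and 16 in Diameter, while code 70000 could not be expressed in a RADIUS type byte at all.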
Here are documentation links from Cisco to check out:
TACACS+ utilizes TCP port 49. It consists of three separate protocols, which can be implemented on separate servers.
TACACS+ offers multiprotocol support, such as IP and AppleTalk. Normal operation fully encrypts the body of the packet for more secure communications. It is a Cisco proprietary enhancement to the original TACACS protocol.