What comes next after RADIUS or TACACS+ in Cisco authentication

Authentication is an important part of security. Cisco uses the RADIUS or TACACS+ authentication protocols.

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml

What’s new for RADIUS? A new protocol called Diameter.

The name is a pun on the RADIUS protocol, which is the predecessor (a diameter is twice the radius). Diameter is not directly backwards compatible, but provides an upgrade path for RADIUS. The main differences are as follows:
– Reliable transport protocols (TCP or SCTP, not UDP). The IETF is in the process of standardizing TCP transport for RADIUS.
– Diameter is not fully compatible with RADIUS, and the IETF is in the process of standardizing Diameter.
– Diameter uses a larger address space for attribute-value pairs (AVPs) and identifiers: 32 bits in length rather than 8 bits in RADIUS.
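
To make the 8-bit versus 32-bit field widths described above concrete, the following added example (not from the original post or from Cisco) parses a RADIUS packet as laid out in RFC 2865 and a Diameter message as laid out in RFC 6733, rejecting inconsistent lengths. The function names and both sample packets are constructed for illustration.

```python
import struct

def parse_radius(pkt: bytes) -> dict:
    """RADIUS (RFC 2865): 8-bit identifier, 8-bit attribute type."""
    if len(pkt) < 20:
        raise ValueError("short RADIUS packet")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("bad RADIUS length")
    attrs, off = [], 20                       # skip the 16-byte authenticator
    while off < length:
        if off + 2 > length:
            raise ValueError("truncated attribute")
        a_type, a_len = pkt[off], pkt[off + 1]
        if a_len < 2 or off + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, pkt[off + 2:off + a_len]))
        off += a_len
    return {"code": code, "identifier": ident, "attrs": attrs}

def parse_diameter(msg: bytes) -> dict:
    """Diameter (RFC 6733): 32-bit identifiers, 32-bit AVP code."""
    if len(msg) < 20:
        raise ValueError("short Diameter message")
    ver_len, flg_cmd, app_id, hbh, e2e = struct.unpack("!IIIII", msg[:20])
    if (ver_len >> 24) != 1 or (ver_len & 0xFFFFFF) != len(msg):
        raise ValueError("bad Diameter header")
    avps, off = [], 20
    while off < len(msg):
        if off + 8 > len(msg):
            raise ValueError("truncated AVP header")
        a_code, flg_len = struct.unpack("!II", msg[off:off + 8])
        a_len = flg_len & 0xFFFFFF
        hdr = 12 if (flg_len >> 24) & 0x80 else 8   # V flag adds a Vendor-Id
        if a_len < hdr or off + a_len > len(msg):
            raise ValueError("bad AVP length")
        avps.append((a_code, msg[off + hdr:off + a_len]))
        off += (a_len + 3) & ~3               # AVPs are padded to 4 bytes
    return {"command": flg_cmd & 0xFFFFFF, "app_id": app_id,
            "hop_by_hop": hbh, "end_to_end": e2e, "avps": avps}

# Constructed sample packets (not captured traffic); both carry User-Name "alice".
RADIUS_SAMPLE = struct.pack("!BBH", 1, 0x2A, 27) + bytes(16) + b"\x01\x07alice"
DIAMETER_SAMPLE = (struct.pack("!IIIII", (1 << 24) | 36, (0x80 << 24) | 265, 1,
                               0x12345678, 0x9ABCDEF0)
                   + struct.pack("!II", 1, (0x40 << 24) | 13) + b"alice" + bytes(3))

if __name__ == "__main__":
    print(parse_radius(RADIUS_SAMPLE))
    print(parse_diameter(DIAMETER_SAMPLE))
```

The RADIUS identifier wraps after 256 outstanding requests per client socket, while the Diameter hop-by-hop and end-to-end identifiers each span 32 bits.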

RADIUS had issues with reliability, scalability, security and flexibility. RADIUS cannot deal effectively with remote access, IP mobility and policy control. The Diameter protocol defines a policy protocol used by clients to perform Policy, AAA and Resource Control. This allows a single server to handle policies for many services.

http://en.wikipedia.org/wiki/Diameter_(protocol)

Here are documentation links from Cisco to check out:

http://www.cisco.com/en/US/products/ps6638/products_data_sheet09186a00804fe332.html

TACACS+ utilizes TCP port 49. It consists of three separate protocols, which can be implemented on separate servers.

TACACS+ offers multiprotocol support, such as IP and AppleTalk. Normal operation fully encrypts the body of the packet for more secure communications. It is a Cisco proprietary enhancement to the original TACACS protocol.

http://www.sans.org/reading_room/whitepapers/networkdevs/understanding-implementing-tacacs-plus_117

http://www.sans.org/reading_room/whitepapers/networkdevs/implementing-secure-access-cisco-devices-tacacs-plus-ssh_1041
