AAA Services
Cisco routers support AAA either through local databases (using the username/
password command) or through external security servers. External
security servers can use one of two protocols:
■ TACACS+—Runs over TCP port 49. Includes authentication and
encryption of messages between the client and server.
■ RADIUS—Widely supported, standardized in RFC 2865. Cisco allows
the use of proprietary TACACS+ attributes via a vendor-specific attribute
(VSA). Runs over UDP. Does not encrypt entire message; passwords
are sent as an MD5 hash, but the rest of the message is sent in
clear text.